ELSA-2016-2603

ELSA-2016-2603 - libreswan security and bug fix update

Type:SECURITY
Severity:MODERATE
Release Date:2016-11-09

Description


[3.15-8.0.1]
- add libreswan-oracle.patch to detect Oracle Linux distro

[3.15-8]
- Resolves: rhbz#1361721 libreswan pluto segfault [UPDATED]
- Resolves: rhbz#1276524 [USGv6] IKEv2.EN.R.1.1.3.2 case failed due to response to bad INFORMATIONAL request [UPDATED]
- Resolves: rhbz#1309764 ipsec barf [additional man page update and --no-pager]

[3.15-7]
- Resolves: rhbz#1311360 When IKE rekeys, if on a different tunnel, all subsequent attempts to rekey fail
- Resolves: rhbz#1361721 libreswan pluto segfault

[3.15-6]
- Resolves: rhbz#1283468 keyingtries=0 is broken
- Resolves: rhbz#1297816 When using SHA2 as PRF algorithm, nonce payload is below the RFC minimum size
- Resolves: rhbz#1344567 CVE-2016-5361 libreswan: IKEv1 protocol is vulnerable to DoS amplification attack
- Resolves: rhbz#1313747 ipsec pluto returns zero even if it fails
- Resolves: rhbz#1302778 fips does not check hash of some files (like _import_crl)
- Resolves: rhbz#1278063 Unable to authenticate with PAM for IKEv1 XAUTH
- Resolves: rhbz#1257079 Libreswan doesn't call NetworkManager helper in case of a connection error
- Resolves: rhbz#1272112 ipsec whack man page discrepancies
- Resolves: rhbz#1280449 PAM xauth method does not work with pam_sss
- Resolves: rhbz#1290907 ipsec initnss/checknss custom directory not recognized
- Resolves: rhbz#1309764 ipsec barf does not show pluto log correctly in the output
- Resolves: rhbz#1347735 libreswan needs to check additional CRLs after LDAP CRL distributionpoint fails
- Resolves: rhbz#1219049 Pluto does not handle delete message from responder site in ikev1
- Resolves: rhbz#1276524 [USGv6] IKEv2.EN.R.1.1.3.2 case failed due to response to bad INFORMATIONAL request
- Resolves: rhbz#1315412 ipsec.conf manpage does not contain any mention about crl-strict option
- Resolves: rhbz#1229766 Pluto crashes after stop when I use floating ip address


Related CVEs


CVE-2016-5361

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 7 (x86_64) libreswan-3.15-8.0.1.el7.src.rpmd74dbc69a9c8cd995c0e663a0494ea96ELBA-2020-4067
libreswan-3.15-8.0.1.el7.x86_64.rpmafb4a1e80347df1c2b72f2fd9f7e9edcELBA-2020-4067



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete