Enhancement Advisory iproute enhancement update

Advisory: RHEA-2008:0451-3
Type: Product Enhancement Advisory
Severity: N/A
Issued on: 2008-05-21
Last updated on: 2008-05-21
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
OVAL: N/A

Details

An enhanced iproute package is now available.

Updated iproute package that fix a bug is now available.

This updated iproute package adds the following enhancements:

* support for ESP sequence number offsets for crash-recovery of certain
manually-keyed tunnels which enforce the ESP relay window (also known as
IMS-AKA negotiated security associations). This enhancement enables certain
functionality in the OpenSwan implementation of IPsec.

* support for AES CCM Mode with IPsec ESP, which enables support for RFC 4309.

Users of iproute are advised to upgrade to this updated package, which adds
these enhancements.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Enterprise Linux (v. 5 server)
SRPMS:
iproute-2.6.18-7.el5.src.rpm     6321c1afece68ca9aabb2f18ef72d429
 
IA-32:
iproute-2.6.18-7.el5.i386.rpm     1ecb9bb94f800b56d766ce3a445dda48
 
IA-64:
iproute-2.6.18-7.el5.ia64.rpm     db3f950ac541cef5da9aa6de8d20136d
 
PPC:
iproute-2.6.18-7.el5.ppc.rpm     6c4d4af22aef2a18547240158ecdffd9
 
s390x:
iproute-2.6.18-7.el5.s390x.rpm     1f878637cbc694d255d7d9daa0a204fc
 
x86_64:
iproute-2.6.18-7.el5.x86_64.rpm     49d4edade9bfb06cba0a3734a1c13bcc
 
Red Hat Enterprise Linux Desktop (v. 5 client)
SRPMS:
iproute-2.6.18-7.el5.src.rpm     6321c1afece68ca9aabb2f18ef72d429
 
IA-32:
iproute-2.6.18-7.el5.i386.rpm     1ecb9bb94f800b56d766ce3a445dda48
 
x86_64:
iproute-2.6.18-7.el5.x86_64.rpm     49d4edade9bfb06cba0a3734a1c13bcc
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

441384 - [iPv6DoD] fix RFC 4309 Using AES CCM Mode with IPsec ESP


Keywords

AES, CCM, ESP, IPSec, Mode, sequence,

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/