Moderate: openswan security update
| Advisory: | RHSA-2011:1422-1 |
|---|---|
| Type: | Security Advisory |
| Severity: | Moderate |
| Issued on: | 2011-11-02 |
| Last updated on: | 2011-11-02 |
| Affected Products: | Red Hat Enterprise Linux (v. 5 server); Red Hat Enterprise Linux Desktop (v. 5 client); Red Hat Enterprise Linux Desktop (v. 6); Red Hat Enterprise Linux Server (v. 6); Red Hat Enterprise Linux Server EUS (v. 6.1.z); Red Hat Enterprise Linux Workstation (v. 6) |
| CVEs (cve.mitre.org): | CVE-2011-4073 |
Details
Updated openswan packages that fix one security issue are now available for
Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
Openswan is a free implementation of Internet Protocol Security (IPsec)
and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide
both authentication and encryption services. These services allow you to
build secure tunnels through untrusted networks.
A use-after-free flaw was found in the way Openswan's pluto IKE daemon used
cryptographic helpers. A remote, authenticated attacker could send a
specially-crafted IKE packet that would crash the pluto daemon. This issue
only affected SMP (symmetric multiprocessing) systems that have the
cryptographic helpers enabled. The helpers are disabled by default on Red
Hat Enterprise Linux 5, but enabled by default on Red Hat Enterprise Linux
6. (CVE-2011-4073)
Red Hat would like to thank the Openswan project for reporting this issue.
Upstream acknowledges Petar Tsankov, Mohammad Torabi Dashti and David Basin
of the information security group at ETH Zurich as the original reporters.
All users of openswan are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. After installing
this update, the ipsec service will be restarted automatically.
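An added example (not code from Red Hat or the Openswan project) that applies the three exposure conditions described above to a host: an openswan build older than the fixed build listed in this advisory, more than one CPU, and cryptographic helpers enabled. Assumptions: the function names are illustrative, the comparison is a simplified form of RPM's version ordering, and Openswan's `nhelpers` option in `config setup` is read as 0 meaning helpers off and any other value meaning on.

```python
import re

# Fixed builds taken from this advisory's package list, keyed by RHEL major release.
FIXED = {"el5": ("2.6.21", "5.el5_7.6"), "el6": ("2.6.32", "4.el6_1.4")}
# Helper default per the advisory text: off on RHEL 5, on on RHEL 6.
HELPERS_DEFAULT = {"el5": False, "el6": True}

def rpmvercmp(a, b):
    """Compare two version or release strings segment by segment (basic RPM rules)."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1      # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # more segments is newer

def is_patched(version_release):
    """True if e.g. '2.6.32-4.el6_1.4' is at or above the fixed build for its release."""
    version, release = version_release.split("-", 1)
    dist = re.search(r"el\d", release).group(0)
    fv, fr = FIXED[dist]
    return (rpmvercmp(version, fv) or rpmvercmp(release, fr)) >= 0

def helpers_enabled(conf_text, dist):
    """Assumption: 'nhelpers=0' turns helpers off; if unset, use the release default."""
    m = re.search(r"^\s*nhelpers\s*=\s*(-?\d+)", conf_text, re.M)
    return HELPERS_DEFAULT[dist] if m is None else int(m.group(1)) != 0

def exposed(version_release, cpu_count, conf_text=""):
    """Apply the advisory's three conditions: unpatched, SMP, helpers enabled."""
    dist = re.search(r"el\d", version_release).group(0)
    return (not is_patched(version_release) and cpu_count > 1
            and helpers_enabled(conf_text, dist))
```

Feed it the `VERSION-RELEASE` string reported by `rpm -q --qf '%{VERSION}-%{RELEASE}\n' openswan`, the CPU count, and the contents of the host's ipsec.conf.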
Solution
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
Updated packages
| Red Hat Enterprise Linux (v. 5 server) | |
|---|---|
| SRPMS: | |
| openswan-2.6.21-5.el5_7.6.src.rpm | File outdated by: RHSA-2013:0827 |
| IA-32: | |
| openswan-2.6.21-5.el5_7.6.i386.rpm | File outdated by: RHSA-2013:0827 |
| openswan-doc-2.6.21-5.el5_7.6.i386.rpm | File outdated by: RHSA-2013:0827 |
| IA-64: | |
| openswan-2.6.21-5.el5_7.6.ia64.rpm | File outdated by: RHSA-2013:0827 |
| openswan-doc-2.6.21-5.el5_7.6.ia64.rpm | File outdated by: RHSA-2013:0827 |
| PPC: | |
| openswan-2.6.21-5.el5_7.6.ppc.rpm | File outdated by: RHSA-2013:0827 |
| openswan-doc-2.6.21-5.el5_7.6.ppc.rpm | File outdated by: RHSA-2013:0827 |
| s390x: | |
| openswan-2.6.21-5.el5_7.6.s390x.rpm | File outdated by: RHSA-2013:0827 |
| openswan-doc-2.6.21-5.el5_7.6.s390x.rpm | File outdated by: RHSA-2013:0827 |
| x86_64: | |
| openswan-2.6.21-5.el5_7.6.x86_64.rpm | File outdated by: RHSA-2013:0827 |
| openswan-doc-2.6.21-5.el5_7.6.x86_64.rpm | File outdated by: RHSA-2013:0827 |
| Red Hat Enterprise Linux Desktop (v. 5 client) | |
| SRPMS: | |
| openswan-2.6.21-5.el5_7.6.src.rpm | File outdated by: RHSA-2013:0827 |
| IA-32: | |
| openswan-2.6.21-5.el5_7.6.i386.rpm | File outdated by: RHSA-2013:0827 |
| openswan-doc-2.6.21-5.el5_7.6.i386.rpm | File outdated by: RHSA-2013:0827 |
| x86_64: | |
| openswan-2.6.21-5.el5_7.6.x86_64.rpm | File outdated by: RHSA-2013:0827 |
| openswan-doc-2.6.21-5.el5_7.6.x86_64.rpm | File outdated by: RHSA-2013:0827 |
| Red Hat Enterprise Linux Desktop (v. 6) | |
| SRPMS: | |
| openswan-2.6.32-4.el6_1.4.src.rpm | File outdated by: RHSA-2013:0827 |
| IA-32: | |
| openswan-2.6.32-4.el6_1.4.i686.rpm | File outdated by: RHSA-2013:0827 |
| openswan-debuginfo-2.6.32-4.el6_1.4.i686.rpm | File outdated by: RHSA-2013:0827 |
| openswan-doc-2.6.32-4.el6_1.4.i686.rpm | File outdated by: RHSA-2013:0827 |
| x86_64: | |
| openswan-2.6.32-4.el6_1.4.x86_64.rpm | File outdated by: RHSA-2013:0827 |
| openswan-debuginfo-2.6.32-4.el6_1.4.x86_64.rpm | File outdated by: RHSA-2013:0827 |
| openswan-doc-2.6.32-4.el6_1.4.x86_64.rpm | File outdated by: RHSA-2013:0827 |
| Red Hat Enterprise Linux Server (v. 6) | |
| SRPMS: | |
| openswan-2.6.32-4.el6_1.4.src.rpm | File outdated by: RHSA-2013:0827 |
| IA-32: | |
| openswan-2.6.32-4.el6_1.4.i686.rpm | File outdated by: RHSA-2013:0827 |
| openswan-debuginfo-2.6.32-4.el6_1.4.i686.rpm | File outdated by: RHSA-2013:0827 |
| openswan-doc-2.6.32-4.el6_1.4.i686.rpm | File outdated by: RHSA-2013:0827 |
| PPC: | |
| openswan-2.6.32-4.el6_1.4.ppc64.rpm | File outdated by: RHSA-2013:0827 |
| openswan-debuginfo-2.6.32-4.el6_1.4.ppc64.rpm | File outdated by: RHSA-2013:0827 |
| openswan-doc-2.6.32-4.el6_1.4.ppc64.rpm | File outdated by: RHSA-2013:0827 |
| s390x: | |
| openswan-2.6.32-4.el6_1.4.s390x.rpm | File outdated by: RHSA-2013:0827 |
| openswan-debuginfo-2.6.32-4.el6_1.4.s390x.rpm | File outdated by: RHSA-2013:0827 |
| openswan-doc-2.6.32-4.el6_1.4.s390x.rpm | File outdated by: RHSA-2013:0827 |
| x86_64: | |
| openswan-2.6.32-4.el6_1.4.x86_64.rpm | File outdated by: RHSA-2013:0827 |
| openswan-debuginfo-2.6.32-4.el6_1.4.x86_64.rpm | File outdated by: RHSA-2013:0827 |
| openswan-doc-2.6.32-4.el6_1.4.x86_64.rpm | File outdated by: RHSA-2013:0827 |
| Red Hat Enterprise Linux Server EUS (v. 6.1.z) | |
| SRPMS: | |
| openswan-2.6.32-4.el6_1.4.src.rpm | File outdated by: RHSA-2013:0827 |
| IA-32: | |
| openswan-2.6.32-4.el6_1.4.i686.rpm | |
| openswan-debuginfo-2.6.32-4.el6_1.4.i686.rpm | |
| openswan-doc-2.6.32-4.el6_1.4.i686.rpm | |
| PPC: | |
| openswan-2.6.32-4.el6_1.4.ppc64.rpm | |
| openswan-debuginfo-2.6.32-4.el6_1.4.ppc64.rpm | |
| openswan-doc-2.6.32-4.el6_1.4.ppc64.rpm | |
| s390x: | |
| openswan-2.6.32-4.el6_1.4.s390x.rpm | |
| openswan-debuginfo-2.6.32-4.el6_1.4.s390x.rpm | |
| openswan-doc-2.6.32-4.el6_1.4.s390x.rpm | |
| x86_64: | |
| openswan-2.6.32-4.el6_1.4.x86_64.rpm | |
| openswan-debuginfo-2.6.32-4.el6_1.4.x86_64.rpm | |
| openswan-doc-2.6.32-4.el6_1.4.x86_64.rpm | |
| Red Hat Enterprise Linux Workstation (v. 6) | |
| SRPMS: | |
| openswan-2.6.32-4.el6_1.4.src.rpm | File outdated by: RHSA-2013:0827 |
| IA-32: | |
| openswan-2.6.32-4.el6_1.4.i686.rpm | File outdated by: RHSA-2013:0827 |
| openswan-debuginfo-2.6.32-4.el6_1.4.i686.rpm | File outdated by: RHSA-2013:0827 |
| openswan-doc-2.6.32-4.el6_1.4.i686.rpm | File outdated by: RHSA-2013:0827 |
| x86_64: | |
| openswan-2.6.32-4.el6_1.4.x86_64.rpm | File outdated by: RHSA-2013:0827 |
| openswan-debuginfo-2.6.32-4.el6_1.4.x86_64.rpm | File outdated by: RHSA-2013:0827 |
| openswan-doc-2.6.32-4.el6_1.4.x86_64.rpm | File outdated by: RHSA-2013:0827 |
| (The unlinked packages above are only available from the Red Hat Network) | |
Bugs fixed (see bugzilla for more information)
748961 - CVE-2011-4073 openswan: use-after-free vulnerability leads to DoS
References
https://access.redhat.com/security/updates/classification/#moderate
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package
The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/