- Issued: 2011-07-19
- Updated: 2011-07-19
RHBA-2011:0961 - Bug Fix Advisory
Synopsis
openswan bug fix update
Type/Severity
Bug Fix Advisory
Topic
Updated openswan packages that resolve several issues are now available for Red
Hat Enterprise Linux 6.
Description
Openswan is a free implementation of IPsec and IKE (Internet Key Exchange) for
Linux. The openswan package contains the daemons and user space tools for
setting up Openswan. It supports the NETKEY/XFRM IPsec kernel stack that exists
in the default Linux kernel. Openswan 2.6.x also supports IKEv2 (RFC4306).
These updated openswan packages provide fixes for the following bugs:
- Openswan did not handle protocol and port (leftprotoport) configuration
correctly if the hostname parameter was configured instead of the ipaddress
parameter. This update solves this issue, and Openswan now sets up policies
with the correct protocol and port even when the hostname parameter is
configured. (BZ#712112)
- Prior to this update, very large security label strings received from the peer
were being truncated. The truncated string was then still used. However, this
truncated string could, under rare circumstances, turn out to be a valid string,
leading to an incorrect policy. Additionally, erroneous queuing of on-demand
requests of setting up an IPsec connection was discovered in the IKEv2 (Internet
Key Exchange) code. Although not harmful, it was not the intended design. This
update fixes both of these issues, and Openswan now correctly handles the IKE
setup. (BZ#712114)
- Previously, Openswan failed to set up AH (Authentication Header) mode security
associations (SAs). This was because Openswan was erroneously processing the AH
mode as if it was the ESP (Encapsulating Security Payload) mode, and was expecting an
encryption key. This update fixes this issue, and it is now possible to properly
set up AH mode SAs. (BZ#712168)
- IPsec connections over a loopback interface did not work properly when a
specific port was configured. This was because incomplete IPsec policies were
being set up, leading to connection failures. This update fixes this issue, and
complete policies are now correctly established. (BZ#718078)
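
The security-label truncation issue (BZ#712114), shown as an added example that is not Openswan's own code: a copy routine that clips an oversized label and still reports success, next to one that rejects it. The function names, the `LABEL_MAX` size and both label strings are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define LABEL_MAX 16u  /* hypothetical buffer size for this demo */

/* Constructed data: a known label, and a longer peer label that starts with it. */
static const char KNOWN_LABEL[] = "user_u:net_t:s0";
static const char PEER_LABEL[]  = "user_u:net_t:s0:c0.c1023";

/* Pre-fix pattern: clip an oversized label and report success anyway. */
static int label_copy_truncating(char *dst, const char *src, size_t len)
{
    size_t n = len < LABEL_MAX - 1 ? len : LABEL_MAX - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* Hardened pattern: a label that does not fit, or that has an embedded
 * NUL, fails the negotiation instead of being shortened. */
static int label_copy_strict(char *dst, const char *src, size_t len)
{
    if (len == 0 || len >= LABEL_MAX || memchr(src, '\0', len) != NULL)
        return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* Returns 1 when the clipped peer label is accepted as KNOWN_LABEL. */
int truncation_collides(void)
{
    char buf[LABEL_MAX];
    return label_copy_truncating(buf, PEER_LABEL, strlen(PEER_LABEL)) == 0
        && strcmp(buf, KNOWN_LABEL) == 0;
}

/* Returns 1 when the strict copy refuses the oversized label but accepts one that fits. */
int strict_rejects_oversize(void)
{
    char buf[LABEL_MAX];
    return label_copy_strict(buf, PEER_LABEL, strlen(PEER_LABEL)) == -1
        && label_copy_strict(buf, KNOWN_LABEL, strlen(KNOWN_LABEL)) == 0;
}

int main(void)
{
    printf("%d %d\n", truncation_collides(), strict_rejects_oversize());
    return 0;
}
```

The clipped label compares equal to a different, valid label, which is how a truncated string can select the wrong policy; the strict copy turns the same input into a negotiation failure.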
All users of openswan are advised to upgrade to these updated packages, which
resolve these issues.
Solution
Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use the Red Hat
Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
Affected Products
- Red Hat Enterprise Linux Server 6 x86_64
- Red Hat Enterprise Linux Server 6 i386
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 6.1 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 6.1 i386
- Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
- Red Hat Enterprise Linux Workstation 6 x86_64
- Red Hat Enterprise Linux Workstation 6 i386
- Red Hat Enterprise Linux Desktop 6 x86_64
- Red Hat Enterprise Linux Desktop 6 i386
- Red Hat Enterprise Linux for IBM z Systems 6 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 6.1 s390x
- Red Hat Enterprise Linux for Power, big endian 6 ppc64
- Red Hat Enterprise Linux for Power, big endian - Extended Update Support 6.1 ppc64
- Red Hat Enterprise Linux Server from RHUI 6 x86_64
- Red Hat Enterprise Linux Server from RHUI 6 i386
- Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.1 x86_64
- Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.1 i386
- Red Hat Virtual Storage Appliance (from RHUI) 6.1 x86_64
- Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
- Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x
- Red Hat Enterprise Linux Server - Retired Extended Life Cycle Support 6 x86_64
Fixes
- BZ - 712112 - Protocol ports does not work if hostname is given instead of ipaddress with Openswan
- BZ - 712114 - Implementation issues found during Openswan code review for CCC evaluation
- BZ - 712168 - AH protocol broken with Openswan
- BZ - 718078 - incomplete policy for loopback when using *protoport=X/Y
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 6
SRPM | |
---|---|
openswan-2.6.32-4.el6_1.1.src.rpm | SHA-256: 7d5abe2f8e1f29ab0483c211288a1746f67f47c1a2673e7ee19c71eff4170350 |
x86_64 | |
openswan-2.6.32-4.el6_1.1.x86_64.rpm | SHA-256: 42bcaed85f9f7b90603d7f088e0f3c184e7ee3dd309e6ec4009ad6d01b538bd4 |
openswan-debuginfo-2.6.32-4.el6_1.1.x86_64.rpm | SHA-256: f6da050edc53e9ab0a5380eb1d179b354d83b7be0795d3bda79b38662b5dcd68 |
openswan-doc-2.6.32-4.el6_1.1.x86_64.rpm | SHA-256: a50ffcf3dcf792c1a25bb1271f829b7f54e0794a7042525c1d9be2ecc94da0da |
i386 | |
openswan-2.6.32-4.el6_1.1.i686.rpm | SHA-256: 8b56e07f8bca61da6af61971f270217c95630f7767c22826d8c8020839783a8f |
openswan-debuginfo-2.6.32-4.el6_1.1.i686.rpm | SHA-256: e4060e919b746fb0e9e5eeebb643ef0bb770af2c6feca4279624143557e872a8 |
openswan-doc-2.6.32-4.el6_1.1.i686.rpm | SHA-256: 8ffc104f4cf5895f133701b5737f740dbc29692b1e127a8e8dc6c01a0511317e |
Red Hat Enterprise Linux for x86_64 - Extended Update Support 6.1
SRPM | |
---|---|
openswan-2.6.32-4.el6_1.1.src.rpm | SHA-256: 7d5abe2f8e1f29ab0483c211288a1746f67f47c1a2673e7ee19c71eff4170350 |
x86_64 | |
openswan-2.6.32-4.el6_1.1.x86_64.rpm | SHA-256: 42bcaed85f9f7b90603d7f088e0f3c184e7ee3dd309e6ec4009ad6d01b538bd4 |
openswan-debuginfo-2.6.32-4.el6_1.1.x86_64.rpm | SHA-256: f6da050edc53e9ab0a5380eb1d179b354d83b7be0795d3bda79b38662b5dcd68 |
openswan-doc-2.6.32-4.el6_1.1.x86_64.rpm | SHA-256: a50ffcf3dcf792c1a25bb1271f829b7f54e0794a7042525c1d9be2ecc94da0da |
i386 | |
openswan-2.6.32-4.el6_1.1.i686.rpm | SHA-256: 8b56e07f8bca61da6af61971f270217c95630f7767c22826d8c8020839783a8f |
openswan-debuginfo-2.6.32-4.el6_1.1.i686.rpm | SHA-256: e4060e919b746fb0e9e5eeebb643ef0bb770af2c6feca4279624143557e872a8 |
openswan-doc-2.6.32-4.el6_1.1.i686.rpm | SHA-256: 8ffc104f4cf5895f133701b5737f740dbc29692b1e127a8e8dc6c01a0511317e |
Red Hat Enterprise Linux Server - Extended Life Cycle Support 6
SRPM | |
---|---|
openswan-2.6.32-4.el6_1.1.src.rpm | SHA-256: 7d5abe2f8e1f29ab0483c211288a1746f67f47c1a2673e7ee19c71eff4170350 |
x86_64 | |
openswan-2.6.32-4.el6_1.1.x86_64.rpm | SHA-256: 42bcaed85f9f7b90603d7f088e0f3c184e7ee3dd309e6ec4009ad6d01b538bd4 |
openswan-debuginfo-2.6.32-4.el6_1.1.x86_64.rpm | SHA-256: f6da050edc53e9ab0a5380eb1d179b354d83b7be0795d3bda79b38662b5dcd68 |
openswan-doc-2.6.32-4.el6_1.1.x86_64.rpm | SHA-256: a50ffcf3dcf792c1a25bb1271f829b7f54e0794a7042525c1d9be2ecc94da0da |
i386 | |
openswan-2.6.32-4.el6_1.1.i686.rpm | SHA-256: 8b56e07f8bca61da6af61971f270217c95630f7767c22826d8c8020839783a8f |
openswan-debuginfo-2.6.32-4.el6_1.1.i686.rpm | SHA-256: e4060e919b746fb0e9e5eeebb643ef0bb770af2c6feca4279624143557e872a8 |
openswan-doc-2.6.32-4.el6_1.1.i686.rpm | SHA-256: 8ffc104f4cf5895f133701b5737f740dbc29692b1e127a8e8dc6c01a0511317e |
Red Hat Enterprise Linux Workstation 6
SRPM | |
---|---|
openswan-2.6.32-4.el6_1.1.src.rpm | SHA-256: 7d5abe2f8e1f29ab0483c211288a1746f67f47c1a2673e7ee19c71eff4170350 |
x86_64 | |
openswan-2.6.32-4.el6_1.1.x86_64.rpm | SHA-256: 42bcaed85f9f7b90603d7f088e0f3c184e7ee3dd309e6ec4009ad6d01b538bd4 |
openswan-debuginfo-2.6.32-4.el6_1.1.x86_64.rpm | SHA-256: f6da050edc53e9ab0a5380eb1d179b354d83b7be0795d3bda79b38662b5dcd68 |
openswan-doc-2.6.32-4.el6_1.1.x86_64.rpm | SHA-256: a50ffcf3dcf792c1a25bb1271f829b7f54e0794a7042525c1d9be2ecc94da0da |
i386 | |
openswan-2.6.32-4.el6_1.1.i686.rpm | SHA-256: 8b56e07f8bca61da6af61971f270217c95630f7767c22826d8c8020839783a8f |
openswan-debuginfo-2.6.32-4.el6_1.1.i686.rpm | SHA-256: e4060e919b746fb0e9e5eeebb643ef0bb770af2c6feca4279624143557e872a8 |
openswan-doc-2.6.32-4.el6_1.1.i686.rpm | SHA-256: 8ffc104f4cf5895f133701b5737f740dbc29692b1e127a8e8dc6c01a0511317e |
Red Hat Enterprise Linux Desktop 6
SRPM | |
---|---|
openswan-2.6.32-4.el6_1.1.src.rpm | SHA-256: 7d5abe2f8e1f29ab0483c211288a1746f67f47c1a2673e7ee19c71eff4170350 |
x86_64 | |
openswan-2.6.32-4.el6_1.1.x86_64.rpm | SHA-256: 42bcaed85f9f7b90603d7f088e0f3c184e7ee3dd309e6ec4009ad6d01b538bd4 |
openswan-debuginfo-2.6.32-4.el6_1.1.x86_64.rpm | SHA-256: f6da050edc53e9ab0a5380eb1d179b354d83b7be0795d3bda79b38662b5dcd68 |
openswan-doc-2.6.32-4.el6_1.1.x86_64.rpm | SHA-256: a50ffcf3dcf792c1a25bb1271f829b7f54e0794a7042525c1d9be2ecc94da0da |
i386 | |
openswan-2.6.32-4.el6_1.1.i686.rpm | SHA-256: 8b56e07f8bca61da6af61971f270217c95630f7767c22826d8c8020839783a8f |
openswan-debuginfo-2.6.32-4.el6_1.1.i686.rpm | SHA-256: e4060e919b746fb0e9e5eeebb643ef0bb770af2c6feca4279624143557e872a8 |
openswan-doc-2.6.32-4.el6_1.1.i686.rpm | SHA-256: 8ffc104f4cf5895f133701b5737f740dbc29692b1e127a8e8dc6c01a0511317e |
Red Hat Enterprise Linux for IBM z Systems 6
SRPM | |
---|---|
openswan-2.6.32-4.el6_1.1.src.rpm | SHA-256: 7d5abe2f8e1f29ab0483c211288a1746f67f47c1a2673e7ee19c71eff4170350 |
s390x | |
openswan-2.6.32-4.el6_1.1.s390x.rpm | SHA-256: 710509cd980eb26a5e4616a8208810d45bc48d8be84db801e40618ce33074ead |
openswan-debuginfo-2.6.32-4.el6_1.1.s390x.rpm | SHA-256: 8ca0d378fa39870c0f20dcb8ed3bbcac02fa35d49b174c9ae86d41d91416b89a |
openswan-doc-2.6.32-4.el6_1.1.s390x.rpm | SHA-256: 35c63ce193862315df8a422957b2e7c674224b51fc5e8d3bc1c8b621a552b5ba |
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 6.1
SRPM | |
---|---|
openswan-2.6.32-4.el6_1.1.src.rpm | SHA-256: 7d5abe2f8e1f29ab0483c211288a1746f67f47c1a2673e7ee19c71eff4170350 |
s390x | |
openswan-2.6.32-4.el6_1.1.s390x.rpm | SHA-256: 710509cd980eb26a5e4616a8208810d45bc48d8be84db801e40618ce33074ead |
openswan-debuginfo-2.6.32-4.el6_1.1.s390x.rpm | SHA-256: 8ca0d378fa39870c0f20dcb8ed3bbcac02fa35d49b174c9ae86d41d91416b89a |
openswan-doc-2.6.32-4.el6_1.1.s390x.rpm | SHA-256: 35c63ce193862315df8a422957b2e7c674224b51fc5e8d3bc1c8b621a552b5ba |
Red Hat Enterprise Linux for Power, big endian 6
SRPM | |
---|---|
openswan-2.6.32-4.el6_1.1.src.rpm | SHA-256: 7d5abe2f8e1f29ab0483c211288a1746f67f47c1a2673e7ee19c71eff4170350 |
ppc64 | |
openswan-2.6.32-4.el6_1.1.ppc64.rpm | SHA-256: 62680a840d061a907bbdd1a93526214112c7f874d4904d59e9e99272f1d6a3f4 |
openswan-debuginfo-2.6.32-4.el6_1.1.ppc64.rpm | SHA-256: c5cb6ceb3b7582db8de1fa01820d9e47afe35277595e864c15859640e2d380a2 |
openswan-doc-2.6.32-4.el6_1.1.ppc64.rpm | SHA-256: 9379ca8ab5799c2d597f926e3552e24343c85de734498bb819afe07e4c98f90b |
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 6.1
SRPM | |
---|---|
openswan-2.6.32-4.el6_1.1.src.rpm | SHA-256: 7d5abe2f8e1f29ab0483c211288a1746f67f47c1a2673e7ee19c71eff4170350 |
ppc64 | |
openswan-2.6.32-4.el6_1.1.ppc64.rpm | SHA-256: 62680a840d061a907bbdd1a93526214112c7f874d4904d59e9e99272f1d6a3f4 |
openswan-debuginfo-2.6.32-4.el6_1.1.ppc64.rpm | SHA-256: c5cb6ceb3b7582db8de1fa01820d9e47afe35277595e864c15859640e2d380a2 |
openswan-doc-2.6.32-4.el6_1.1.ppc64.rpm | SHA-256: 9379ca8ab5799c2d597f926e3552e24343c85de734498bb819afe07e4c98f90b |
Red Hat Enterprise Linux Server from RHUI 6
SRPM | |
---|---|
openswan-2.6.32-4.el6_1.1.src.rpm | SHA-256: 7d5abe2f8e1f29ab0483c211288a1746f67f47c1a2673e7ee19c71eff4170350 |
x86_64 | |
openswan-2.6.32-4.el6_1.1.x86_64.rpm | SHA-256: 42bcaed85f9f7b90603d7f088e0f3c184e7ee3dd309e6ec4009ad6d01b538bd4 |
openswan-debuginfo-2.6.32-4.el6_1.1.x86_64.rpm | SHA-256: f6da050edc53e9ab0a5380eb1d179b354d83b7be0795d3bda79b38662b5dcd68 |
openswan-doc-2.6.32-4.el6_1.1.x86_64.rpm | SHA-256: a50ffcf3dcf792c1a25bb1271f829b7f54e0794a7042525c1d9be2ecc94da0da |
i386 | |
openswan-2.6.32-4.el6_1.1.i686.rpm | SHA-256: 8b56e07f8bca61da6af61971f270217c95630f7767c22826d8c8020839783a8f |
openswan-debuginfo-2.6.32-4.el6_1.1.i686.rpm | SHA-256: e4060e919b746fb0e9e5eeebb643ef0bb770af2c6feca4279624143557e872a8 |
openswan-doc-2.6.32-4.el6_1.1.i686.rpm | SHA-256: 8ffc104f4cf5895f133701b5737f740dbc29692b1e127a8e8dc6c01a0511317e |
Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.1
SRPM | |
---|---|
openswan-2.6.32-4.el6_1.1.src.rpm | SHA-256: 7d5abe2f8e1f29ab0483c211288a1746f67f47c1a2673e7ee19c71eff4170350 |
x86_64 | |
openswan-2.6.32-4.el6_1.1.x86_64.rpm | SHA-256: 42bcaed85f9f7b90603d7f088e0f3c184e7ee3dd309e6ec4009ad6d01b538bd4 |
openswan-debuginfo-2.6.32-4.el6_1.1.x86_64.rpm | SHA-256: f6da050edc53e9ab0a5380eb1d179b354d83b7be0795d3bda79b38662b5dcd68 |
i386 | |
openswan-2.6.32-4.el6_1.1.i686.rpm | SHA-256: 8b56e07f8bca61da6af61971f270217c95630f7767c22826d8c8020839783a8f |
openswan-debuginfo-2.6.32-4.el6_1.1.i686.rpm | SHA-256: e4060e919b746fb0e9e5eeebb643ef0bb770af2c6feca4279624143557e872a8 |
Red Hat Virtual Storage Appliance (from RHUI) 6.1
SRPM | |
---|---|
x86_64 |
Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6
SRPM | |
---|---|
openswan-2.6.32-4.el6_1.1.src.rpm | SHA-256: 7d5abe2f8e1f29ab0483c211288a1746f67f47c1a2673e7ee19c71eff4170350 |
s390x | |
openswan-2.6.32-4.el6_1.1.s390x.rpm | SHA-256: 710509cd980eb26a5e4616a8208810d45bc48d8be84db801e40618ce33074ead |
openswan-debuginfo-2.6.32-4.el6_1.1.s390x.rpm | SHA-256: 8ca0d378fa39870c0f20dcb8ed3bbcac02fa35d49b174c9ae86d41d91416b89a |
openswan-doc-2.6.32-4.el6_1.1.s390x.rpm | SHA-256: 35c63ce193862315df8a422957b2e7c674224b51fc5e8d3bc1c8b621a552b5ba |
Red Hat Enterprise Linux Server - Retired Extended Life Cycle Support 6
SRPM | |
---|---|
openswan-2.6.32-4.el6_1.1.src.rpm | SHA-256: 7d5abe2f8e1f29ab0483c211288a1746f67f47c1a2673e7ee19c71eff4170350 |
x86_64 | |
openswan-2.6.32-4.el6_1.1.x86_64.rpm | SHA-256: 42bcaed85f9f7b90603d7f088e0f3c184e7ee3dd309e6ec4009ad6d01b538bd4 |
openswan-debuginfo-2.6.32-4.el6_1.1.x86_64.rpm | SHA-256: f6da050edc53e9ab0a5380eb1d179b354d83b7be0795d3bda79b38662b5dcd68 |
openswan-doc-2.6.32-4.el6_1.1.x86_64.rpm | SHA-256: a50ffcf3dcf792c1a25bb1271f829b7f54e0794a7042525c1d9be2ecc94da0da |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.