Skip to navigation

Bug Fix Advisory openswan bug fix update

Advisory: RHBA-2012:0339-1
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2012-02-24
Last updated on: 2012-02-24
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server AUS (v. 6.2)
Red Hat Enterprise Linux Server EUS (v. 6.2.z)
Red Hat Enterprise Linux Workstation (v. 6)

Details

An updated openswan package that fixes various bugs is now available for Red Hat
Enterprise Linux 6.

Openswan is a free implementation of Internet Protocol Security (IPsec) and
Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both
authentication and encryption services. These services allow you to build secure
tunnels through untrusted networks. Openswan supports the NETKEY/XFRM IPsec
kernel stack that exists in the default Linux kernel. Openswan 2.6.x also
supports IKEv2 (RFC4306).

This updated openswan package includes fixes for the following bugs:

* The Openswan IKEv2 implementation did not correctly process an IKE_SA_INIT
message containing an INVALID_KE_PAYLOAD Notify Payload. With this fix, Openswan
now sends the INVALID_KE_PAYLOAD notify message back to the peer so that
IKE_SA_INIT can restart with the correct KE payload. (BZ#786434)

* Previously, Openswan sometimes generated a KE payload that was 1 byte shorter
than specified by the Diffie-Hellman algorithm. Consequently, IKE renegotiation
failed at random intervals. An error message in the following format was logged:

next payload type of ISAKMP Identification Payload has an unknown value:

This update checks the length of the generated key and if it is shorter than
required, leading zero bytes are added. (BZ#786435)

All users of openswan are advised to upgrade to this updated package, which
fixes these bugs. Note that the NSS library package needs to be version 3.13 or
later for the KE payload and IKE renegotiation issues to be fully resolved.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
openswan-2.6.32-10.el6_2.src.rpm
File outdated by:  RHSA-2014:0185
    MD5: 60398a75eb8845e37b98d6a4803e3ded
SHA-256: 84f8fa4c018248491537eabb6ecfbde8eb36152022a16cbb7410d0965144268f
 
IA-32:
openswan-2.6.32-10.el6_2.i686.rpm
File outdated by:  RHSA-2014:0185
    MD5: 1f260fb52371a9a81a7b30f87e1d982c
SHA-256: e7ed70814e8d962d6e315795396eafb6839759d9ff352ff95f3b27359a0eb283
openswan-debuginfo-2.6.32-10.el6_2.i686.rpm
File outdated by:  RHSA-2014:0185
    MD5: 5696f6ec8af7a8e419ed4b583abe1281
SHA-256: 0fdd7ac079aa96dcf38f7877522ecabe4f51e37bcb08a762276766872544c586
openswan-doc-2.6.32-10.el6_2.i686.rpm
File outdated by:  RHSA-2014:0185
    MD5: 99ad9f832c61a4cc70a9085e779a9583
SHA-256: c1cf84936af833cad1013ef193714364b81a4c52a24d8db839eaab765e91acfd
 
x86_64:
openswan-2.6.32-10.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0185
    MD5: 51965b11daa244f93a2b281b2c462750
SHA-256: 84185663e9b7820ca6b7f34ec5155bee340f14ab50275ceb45511bd661941861
openswan-debuginfo-2.6.32-10.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0185
    MD5: b932ecd1939c79bf0f9f255ee57948b6
SHA-256: de6cc2afece7c15bcbfa1292dac12f8456916f65194edca9f147d38dc406f78c
openswan-doc-2.6.32-10.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0185
    MD5: b92de0d1557af55de55c0bde821d9f45
SHA-256: 5d012d2af9e31c3f62a0c16cf425211bbd0a656ef76392f84089c79b363eb7c1
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
openswan-2.6.32-10.el6_2.src.rpm
File outdated by:  RHSA-2014:0185
    MD5: 60398a75eb8845e37b98d6a4803e3ded
SHA-256: 84f8fa4c018248491537eabb6ecfbde8eb36152022a16cbb7410d0965144268f
 
IA-32:
openswan-2.6.32-10.el6_2.i686.rpm
File outdated by:  RHSA-2014:0185
    MD5: 1f260fb52371a9a81a7b30f87e1d982c
SHA-256: e7ed70814e8d962d6e315795396eafb6839759d9ff352ff95f3b27359a0eb283
openswan-debuginfo-2.6.32-10.el6_2.i686.rpm
File outdated by:  RHSA-2014:0185
    MD5: 5696f6ec8af7a8e419ed4b583abe1281
SHA-256: 0fdd7ac079aa96dcf38f7877522ecabe4f51e37bcb08a762276766872544c586
openswan-doc-2.6.32-10.el6_2.i686.rpm
File outdated by:  RHSA-2014:0185
    MD5: 99ad9f832c61a4cc70a9085e779a9583
SHA-256: c1cf84936af833cad1013ef193714364b81a4c52a24d8db839eaab765e91acfd
 
PPC:
openswan-2.6.32-10.el6_2.ppc64.rpm
File outdated by:  RHSA-2014:0185
    MD5: 52d36ceda55cd5bc8fb68117129cbfc3
SHA-256: 0609e475bcf30822e425029fb60527bdaa3f64774be1725cce62471d8a1238a9
openswan-debuginfo-2.6.32-10.el6_2.ppc64.rpm
File outdated by:  RHSA-2014:0185
    MD5: 3d204d62a6db41bf915ac3f7a30125dd
SHA-256: 98091c7458f155bce1b4e27b98ff75544e98db9602fcd7a9935ab18d8dfc0ebc
openswan-doc-2.6.32-10.el6_2.ppc64.rpm
File outdated by:  RHSA-2014:0185
    MD5: 4f189d1f5b93a8426941d4a97f07a91b
SHA-256: 404b2010b09b761d753ddca25858f02ebcee89668238d4cee9b04e39475c9f61
 
s390x:
openswan-2.6.32-10.el6_2.s390x.rpm
File outdated by:  RHSA-2014:0185
    MD5: d39a68b5f642725f73b10ea462e954df
SHA-256: cbb5da96c4440512f7df2528aef0f00efa2d8347e83dd62bcc461fcb55590405
openswan-debuginfo-2.6.32-10.el6_2.s390x.rpm
File outdated by:  RHSA-2014:0185
    MD5: a6eac1a29153823a2ca0b108a5c79ad0
SHA-256: 6326b71e50dd5b764511280864da359aab25c2b12fdda6ac4639165ed9894305
openswan-doc-2.6.32-10.el6_2.s390x.rpm
File outdated by:  RHSA-2014:0185
    MD5: 505defd7aa8eeeaab341d4e7093988da
SHA-256: 6b6aaecf34b3ca38b290e90f1e341ca07ac8c237482415039b282572949e3370
 
x86_64:
openswan-2.6.32-10.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0185
    MD5: 51965b11daa244f93a2b281b2c462750
SHA-256: 84185663e9b7820ca6b7f34ec5155bee340f14ab50275ceb45511bd661941861
openswan-debuginfo-2.6.32-10.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0185
    MD5: b932ecd1939c79bf0f9f255ee57948b6
SHA-256: de6cc2afece7c15bcbfa1292dac12f8456916f65194edca9f147d38dc406f78c
openswan-doc-2.6.32-10.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0185
    MD5: b92de0d1557af55de55c0bde821d9f45
SHA-256: 5d012d2af9e31c3f62a0c16cf425211bbd0a656ef76392f84089c79b363eb7c1
 
Red Hat Enterprise Linux Server AUS (v. 6.2)

SRPMS:
openswan-2.6.32-10.el6_2.src.rpm
File outdated by:  RHSA-2014:0185
    MD5: 60398a75eb8845e37b98d6a4803e3ded
SHA-256: 84f8fa4c018248491537eabb6ecfbde8eb36152022a16cbb7410d0965144268f
 
x86_64:
openswan-2.6.32-10.el6_2.x86_64.rpm
File outdated by:  RHBA-2013:1160
    MD5: 51965b11daa244f93a2b281b2c462750
SHA-256: 84185663e9b7820ca6b7f34ec5155bee340f14ab50275ceb45511bd661941861
openswan-debuginfo-2.6.32-10.el6_2.x86_64.rpm
File outdated by:  RHBA-2013:1160
    MD5: b932ecd1939c79bf0f9f255ee57948b6
SHA-256: de6cc2afece7c15bcbfa1292dac12f8456916f65194edca9f147d38dc406f78c
openswan-doc-2.6.32-10.el6_2.x86_64.rpm
File outdated by:  RHBA-2013:1160
    MD5: b92de0d1557af55de55c0bde821d9f45
SHA-256: 5d012d2af9e31c3f62a0c16cf425211bbd0a656ef76392f84089c79b363eb7c1
 
Red Hat Enterprise Linux Server EUS (v. 6.2.z)

SRPMS:
openswan-2.6.32-10.el6_2.src.rpm
File outdated by:  RHSA-2014:0185
    MD5: 60398a75eb8845e37b98d6a4803e3ded
SHA-256: 84f8fa4c018248491537eabb6ecfbde8eb36152022a16cbb7410d0965144268f
 
IA-32:
openswan-2.6.32-10.el6_2.i686.rpm
File outdated by:  RHBA-2013:1160
    MD5: 1f260fb52371a9a81a7b30f87e1d982c
SHA-256: e7ed70814e8d962d6e315795396eafb6839759d9ff352ff95f3b27359a0eb283
openswan-debuginfo-2.6.32-10.el6_2.i686.rpm
File outdated by:  RHBA-2013:1160
    MD5: 5696f6ec8af7a8e419ed4b583abe1281
SHA-256: 0fdd7ac079aa96dcf38f7877522ecabe4f51e37bcb08a762276766872544c586
openswan-doc-2.6.32-10.el6_2.i686.rpm
File outdated by:  RHBA-2013:1160
    MD5: 99ad9f832c61a4cc70a9085e779a9583
SHA-256: c1cf84936af833cad1013ef193714364b81a4c52a24d8db839eaab765e91acfd
 
PPC:
openswan-2.6.32-10.el6_2.ppc64.rpm
File outdated by:  RHBA-2013:1160
    MD5: 52d36ceda55cd5bc8fb68117129cbfc3
SHA-256: 0609e475bcf30822e425029fb60527bdaa3f64774be1725cce62471d8a1238a9
openswan-debuginfo-2.6.32-10.el6_2.ppc64.rpm
File outdated by:  RHBA-2013:1160
    MD5: 3d204d62a6db41bf915ac3f7a30125dd
SHA-256: 98091c7458f155bce1b4e27b98ff75544e98db9602fcd7a9935ab18d8dfc0ebc
openswan-doc-2.6.32-10.el6_2.ppc64.rpm
File outdated by:  RHBA-2013:1160
    MD5: 4f189d1f5b93a8426941d4a97f07a91b
SHA-256: 404b2010b09b761d753ddca25858f02ebcee89668238d4cee9b04e39475c9f61
 
s390x:
openswan-2.6.32-10.el6_2.s390x.rpm
File outdated by:  RHBA-2013:1160
    MD5: d39a68b5f642725f73b10ea462e954df
SHA-256: cbb5da96c4440512f7df2528aef0f00efa2d8347e83dd62bcc461fcb55590405
openswan-debuginfo-2.6.32-10.el6_2.s390x.rpm
File outdated by:  RHBA-2013:1160
    MD5: a6eac1a29153823a2ca0b108a5c79ad0
SHA-256: 6326b71e50dd5b764511280864da359aab25c2b12fdda6ac4639165ed9894305
openswan-doc-2.6.32-10.el6_2.s390x.rpm
File outdated by:  RHBA-2013:1160
    MD5: 505defd7aa8eeeaab341d4e7093988da
SHA-256: 6b6aaecf34b3ca38b290e90f1e341ca07ac8c237482415039b282572949e3370
 
x86_64:
openswan-2.6.32-10.el6_2.x86_64.rpm
File outdated by:  RHBA-2013:1160
    MD5: 51965b11daa244f93a2b281b2c462750
SHA-256: 84185663e9b7820ca6b7f34ec5155bee340f14ab50275ceb45511bd661941861
openswan-debuginfo-2.6.32-10.el6_2.x86_64.rpm
File outdated by:  RHBA-2013:1160
    MD5: b932ecd1939c79bf0f9f255ee57948b6
SHA-256: de6cc2afece7c15bcbfa1292dac12f8456916f65194edca9f147d38dc406f78c
openswan-doc-2.6.32-10.el6_2.x86_64.rpm
File outdated by:  RHBA-2013:1160
    MD5: b92de0d1557af55de55c0bde821d9f45
SHA-256: 5d012d2af9e31c3f62a0c16cf425211bbd0a656ef76392f84089c79b363eb7c1
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
openswan-2.6.32-10.el6_2.src.rpm
File outdated by:  RHSA-2014:0185
    MD5: 60398a75eb8845e37b98d6a4803e3ded
SHA-256: 84f8fa4c018248491537eabb6ecfbde8eb36152022a16cbb7410d0965144268f
 
IA-32:
openswan-2.6.32-10.el6_2.i686.rpm
File outdated by:  RHSA-2014:0185
    MD5: 1f260fb52371a9a81a7b30f87e1d982c
SHA-256: e7ed70814e8d962d6e315795396eafb6839759d9ff352ff95f3b27359a0eb283
openswan-debuginfo-2.6.32-10.el6_2.i686.rpm
File outdated by:  RHSA-2014:0185
    MD5: 5696f6ec8af7a8e419ed4b583abe1281
SHA-256: 0fdd7ac079aa96dcf38f7877522ecabe4f51e37bcb08a762276766872544c586
openswan-doc-2.6.32-10.el6_2.i686.rpm
File outdated by:  RHSA-2014:0185
    MD5: 99ad9f832c61a4cc70a9085e779a9583
SHA-256: c1cf84936af833cad1013ef193714364b81a4c52a24d8db839eaab765e91acfd
 
x86_64:
openswan-2.6.32-10.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0185
    MD5: 51965b11daa244f93a2b281b2c462750
SHA-256: 84185663e9b7820ca6b7f34ec5155bee340f14ab50275ceb45511bd661941861
openswan-debuginfo-2.6.32-10.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0185
    MD5: b932ecd1939c79bf0f9f255ee57948b6
SHA-256: de6cc2afece7c15bcbfa1292dac12f8456916f65194edca9f147d38dc406f78c
openswan-doc-2.6.32-10.el6_2.x86_64.rpm
File outdated by:  RHSA-2014:0185
    MD5: b92de0d1557af55de55c0bde821d9f45
SHA-256: 5d012d2af9e31c3f62a0c16cf425211bbd0a656ef76392f84089c79b363eb7c1
 
(The unlinked packages above are only available from the Red Hat Network)


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/