Skip to navigation

Bug Fix Advisory openswan bug fix update

Advisory: RHBA-2012:1069-1
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2012-07-12
Last updated on: 2012-07-12
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server EUS (v. 6.3.z)
Red Hat Enterprise Linux Workstation (v. 6)

Details

Updated openswan packages that fix two bugs are now available for Red Hat
Enterprise Linux 6.

Openswan is a free implementation of IPsec (internet Protocol Security) and IKE
(Internet Key Exchange) for Linux. The openswan packages contain the daemons and
user-space tools for setting up Openswan. It supports the NETKEY/XFRM IPsec
kernel stack that exists in the default Linux kernel. Openswan 2.6 and later
also supports IKEv2 (Internet Key Exchange Protocol Version 2), which is defined
in RFC5996.

This update fixes the following bugs:

* According to the RFC 5996 standard, reserved fields must be ignored on receipt
irrespective of their value. Previously, however, the contents of the reserved
fields was not being ignored on receipt for some payloads. Consequently,
Openswan reported an error message and IKE negotiation failed. With this update,
Openswan has been modified to ignore the reserved fields and IKE negotiation
succeeds regardless of the reserved field value. (BZ#834660)

* When a connection was configured in transport mode, Openswan did not pass
information about traffic selectors to the NETKEY/XFRM IPsec kernel stack during
the setup of security associations (SAs). Consequently, the information was not
available in the output of the "ip xfrm state" command. With this update,
Openswan correctly passes the traffic selectors information to the kernel when
SAs are setup in transport mode. (BZ#834662)

All users of openswan are advised to upgrade to these updated packages, which
fix these bugs.


Solution

Before applying this update, make sure all previously-released errata relevant
to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
openswan-2.6.32-18.el6_3.src.rpm
File outdated by:  RHSA-2014:0185
    MD5: 5e21b50761d19c9147e78132a642094a
SHA-256: 0ebebe5e244b3afc6c8febf60d5304bb536e66db196e33de3ea374ef8f8d7a3c
 
IA-32:
openswan-2.6.32-18.el6_3.i686.rpm
File outdated by:  RHSA-2014:0185
    MD5: 33ca3ecc0d7415ac8bdb65255971b9f7
SHA-256: 2640674316d4e9e06d8742d3711f535f324ac0e431385f744609724eb0678ff1
openswan-debuginfo-2.6.32-18.el6_3.i686.rpm
File outdated by:  RHSA-2014:0185
    MD5: c0ac803cf96f174a9319f1a421362b5d
SHA-256: 184d4bf4d065068eb55b7a653b5508bc39fa4da06a5f244aadcc63cde0053076
openswan-doc-2.6.32-18.el6_3.i686.rpm
File outdated by:  RHSA-2014:0185
    MD5: afe7526448f5baf3ad3303bc73eddff0
SHA-256: 5877e88660531e948fde108bd78500dfe306f3d55b540d75a036cf763100532a
 
x86_64:
openswan-2.6.32-18.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0185
    MD5: 1b47db3a488bcc1c77544563f31cf1ab
SHA-256: ed8e703aa7a8de2bccbf5eb959c00e2263cba6a6f238e116f81a6543dcaabefc
openswan-debuginfo-2.6.32-18.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0185
    MD5: 84f9c209a59cdbb63299e8c2b640a648
SHA-256: cdab6ded116687010a78c4d3580200e99bffab8bbb5345dce12580f2c60683f9
openswan-doc-2.6.32-18.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0185
    MD5: 878f28bf20fed49b1b1cb7f5b198b0cf
SHA-256: 383ddeba37df932d527d3252c3d27fc2cf09696aa1d07754aed85c7a7d692384
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
openswan-2.6.32-18.el6_3.src.rpm
File outdated by:  RHSA-2014:0185
    MD5: 5e21b50761d19c9147e78132a642094a
SHA-256: 0ebebe5e244b3afc6c8febf60d5304bb536e66db196e33de3ea374ef8f8d7a3c
 
IA-32:
openswan-2.6.32-18.el6_3.i686.rpm
File outdated by:  RHSA-2014:0185
    MD5: 33ca3ecc0d7415ac8bdb65255971b9f7
SHA-256: 2640674316d4e9e06d8742d3711f535f324ac0e431385f744609724eb0678ff1
openswan-debuginfo-2.6.32-18.el6_3.i686.rpm
File outdated by:  RHSA-2014:0185
    MD5: c0ac803cf96f174a9319f1a421362b5d
SHA-256: 184d4bf4d065068eb55b7a653b5508bc39fa4da06a5f244aadcc63cde0053076
openswan-doc-2.6.32-18.el6_3.i686.rpm
File outdated by:  RHSA-2014:0185
    MD5: afe7526448f5baf3ad3303bc73eddff0
SHA-256: 5877e88660531e948fde108bd78500dfe306f3d55b540d75a036cf763100532a
 
PPC:
openswan-2.6.32-18.el6_3.ppc64.rpm
File outdated by:  RHSA-2014:0185
    MD5: 70a63166b227ed6c01b8cd9f62bffd5c
SHA-256: bc2b7a423d60996b827880d30be831d94efd9650ba643047f15376145666f338
openswan-debuginfo-2.6.32-18.el6_3.ppc64.rpm
File outdated by:  RHSA-2014:0185
    MD5: cbf790d5a2066eabe4f3c9f8eb6461f6
SHA-256: 99fec1ed6e6f1450dcdb28d629dcc1007f1332eeb96b753a4bbb45e3f53a6419
openswan-doc-2.6.32-18.el6_3.ppc64.rpm
File outdated by:  RHSA-2014:0185
    MD5: fc570625366da9ac0e94b02a62fc8f96
SHA-256: cbabc0539f385d8241b7aaa184832864216ca24d368c4f4c6f23975a8ad66cfb
 
s390x:
openswan-2.6.32-18.el6_3.s390x.rpm
File outdated by:  RHSA-2014:0185
    MD5: 69fcd4e3150f0a6393dab03e0610fbb4
SHA-256: 71a4f9639966315e8f47c26dbcbcbad5c637ba3b254ae618a8704d53824083ab
openswan-debuginfo-2.6.32-18.el6_3.s390x.rpm
File outdated by:  RHSA-2014:0185
    MD5: e96599535913291a959449bad8909e9e
SHA-256: d432d881f3e2780bd3d4228e9f02b4bb6974a517ba967f8fbabf3dc155f6640e
openswan-doc-2.6.32-18.el6_3.s390x.rpm
File outdated by:  RHSA-2014:0185
    MD5: bae9da9cf889a6fce4b851cb0bb730c8
SHA-256: 2392e478f11e94da162939ff6fb965a612b1705909ccb3fc76de9af419d38f23
 
x86_64:
openswan-2.6.32-18.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0185
    MD5: 1b47db3a488bcc1c77544563f31cf1ab
SHA-256: ed8e703aa7a8de2bccbf5eb959c00e2263cba6a6f238e116f81a6543dcaabefc
openswan-debuginfo-2.6.32-18.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0185
    MD5: 84f9c209a59cdbb63299e8c2b640a648
SHA-256: cdab6ded116687010a78c4d3580200e99bffab8bbb5345dce12580f2c60683f9
openswan-doc-2.6.32-18.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0185
    MD5: 878f28bf20fed49b1b1cb7f5b198b0cf
SHA-256: 383ddeba37df932d527d3252c3d27fc2cf09696aa1d07754aed85c7a7d692384
 
Red Hat Enterprise Linux Server EUS (v. 6.3.z)

SRPMS:
openswan-2.6.32-18.el6_3.src.rpm
File outdated by:  RHSA-2014:0185
    MD5: 5e21b50761d19c9147e78132a642094a
SHA-256: 0ebebe5e244b3afc6c8febf60d5304bb536e66db196e33de3ea374ef8f8d7a3c
 
IA-32:
openswan-2.6.32-18.el6_3.i686.rpm
File outdated by:  RHBA-2013:1161
    MD5: 33ca3ecc0d7415ac8bdb65255971b9f7
SHA-256: 2640674316d4e9e06d8742d3711f535f324ac0e431385f744609724eb0678ff1
openswan-debuginfo-2.6.32-18.el6_3.i686.rpm
File outdated by:  RHBA-2013:1161
    MD5: c0ac803cf96f174a9319f1a421362b5d
SHA-256: 184d4bf4d065068eb55b7a653b5508bc39fa4da06a5f244aadcc63cde0053076
openswan-doc-2.6.32-18.el6_3.i686.rpm
File outdated by:  RHBA-2013:1161
    MD5: afe7526448f5baf3ad3303bc73eddff0
SHA-256: 5877e88660531e948fde108bd78500dfe306f3d55b540d75a036cf763100532a
 
PPC:
openswan-2.6.32-18.el6_3.ppc64.rpm
File outdated by:  RHBA-2013:1161
    MD5: 70a63166b227ed6c01b8cd9f62bffd5c
SHA-256: bc2b7a423d60996b827880d30be831d94efd9650ba643047f15376145666f338
openswan-debuginfo-2.6.32-18.el6_3.ppc64.rpm
File outdated by:  RHBA-2013:1161
    MD5: cbf790d5a2066eabe4f3c9f8eb6461f6
SHA-256: 99fec1ed6e6f1450dcdb28d629dcc1007f1332eeb96b753a4bbb45e3f53a6419
openswan-doc-2.6.32-18.el6_3.ppc64.rpm
File outdated by:  RHBA-2013:1161
    MD5: fc570625366da9ac0e94b02a62fc8f96
SHA-256: cbabc0539f385d8241b7aaa184832864216ca24d368c4f4c6f23975a8ad66cfb
 
s390x:
openswan-2.6.32-18.el6_3.s390x.rpm
File outdated by:  RHBA-2013:1161
    MD5: 69fcd4e3150f0a6393dab03e0610fbb4
SHA-256: 71a4f9639966315e8f47c26dbcbcbad5c637ba3b254ae618a8704d53824083ab
openswan-debuginfo-2.6.32-18.el6_3.s390x.rpm
File outdated by:  RHBA-2013:1161
    MD5: e96599535913291a959449bad8909e9e
SHA-256: d432d881f3e2780bd3d4228e9f02b4bb6974a517ba967f8fbabf3dc155f6640e
openswan-doc-2.6.32-18.el6_3.s390x.rpm
File outdated by:  RHBA-2013:1161
    MD5: bae9da9cf889a6fce4b851cb0bb730c8
SHA-256: 2392e478f11e94da162939ff6fb965a612b1705909ccb3fc76de9af419d38f23
 
x86_64:
openswan-2.6.32-18.el6_3.x86_64.rpm
File outdated by:  RHBA-2013:1161
    MD5: 1b47db3a488bcc1c77544563f31cf1ab
SHA-256: ed8e703aa7a8de2bccbf5eb959c00e2263cba6a6f238e116f81a6543dcaabefc
openswan-debuginfo-2.6.32-18.el6_3.x86_64.rpm
File outdated by:  RHBA-2013:1161
    MD5: 84f9c209a59cdbb63299e8c2b640a648
SHA-256: cdab6ded116687010a78c4d3580200e99bffab8bbb5345dce12580f2c60683f9
openswan-doc-2.6.32-18.el6_3.x86_64.rpm
File outdated by:  RHBA-2013:1161
    MD5: 878f28bf20fed49b1b1cb7f5b198b0cf
SHA-256: 383ddeba37df932d527d3252c3d27fc2cf09696aa1d07754aed85c7a7d692384
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
openswan-2.6.32-18.el6_3.src.rpm
File outdated by:  RHSA-2014:0185
    MD5: 5e21b50761d19c9147e78132a642094a
SHA-256: 0ebebe5e244b3afc6c8febf60d5304bb536e66db196e33de3ea374ef8f8d7a3c
 
IA-32:
openswan-2.6.32-18.el6_3.i686.rpm
File outdated by:  RHSA-2014:0185
    MD5: 33ca3ecc0d7415ac8bdb65255971b9f7
SHA-256: 2640674316d4e9e06d8742d3711f535f324ac0e431385f744609724eb0678ff1
openswan-debuginfo-2.6.32-18.el6_3.i686.rpm
File outdated by:  RHSA-2014:0185
    MD5: c0ac803cf96f174a9319f1a421362b5d
SHA-256: 184d4bf4d065068eb55b7a653b5508bc39fa4da06a5f244aadcc63cde0053076
openswan-doc-2.6.32-18.el6_3.i686.rpm
File outdated by:  RHSA-2014:0185
    MD5: afe7526448f5baf3ad3303bc73eddff0
SHA-256: 5877e88660531e948fde108bd78500dfe306f3d55b540d75a036cf763100532a
 
x86_64:
openswan-2.6.32-18.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0185
    MD5: 1b47db3a488bcc1c77544563f31cf1ab
SHA-256: ed8e703aa7a8de2bccbf5eb959c00e2263cba6a6f238e116f81a6543dcaabefc
openswan-debuginfo-2.6.32-18.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0185
    MD5: 84f9c209a59cdbb63299e8c2b640a648
SHA-256: cdab6ded116687010a78c4d3580200e99bffab8bbb5345dce12580f2c60683f9
openswan-doc-2.6.32-18.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0185
    MD5: 878f28bf20fed49b1b1cb7f5b198b0cf
SHA-256: 383ddeba37df932d527d3252c3d27fc2cf09696aa1d07754aed85c7a7d692384
 
(The unlinked packages above are only available from the Red Hat Network)


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/