Skip to navigation

Bug Fix Advisory openswan bug fix update

Advisory: RHBA-2012:1305-1
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2012-09-24
Last updated on: 2012-09-24
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server EUS (v. 6.3.z)
Red Hat Enterprise Linux Workstation (v. 6)

Details

Updated openswan packages that fix a bug are now available for Red Hat
Enterprise Linux 6.

Openswan is a free implementation of IPsec (Internet Protocol Security) and IKE
(Internet Key Exchange) for Linux. The openswan packages contain daemons and
user-space tools for setting up Openswan. It supports the NETKEY/XFRM IPsec
kernel stack that exists in the default Linux kernel. Openswan 2.6 and later
also supports IKEv2 (Internet Key Exchange Protocol version 2), which is defined
in RFC5996.

This update fixes the following bug:

* When a tunnel was established between two IPsec hosts (say host1 and host2)
utilizing DPD (Dead Peer Detection), and if host2 went offline while host1
continued to transmit data, host1 continually queued multiple phase 2 requests
after the DPD action. When host2 came back online, the stack of pending phase 2
requests was established, leaving a new IPsec SA (Security Association), and a
large group of extra SA's that consumed system resources and eventually expired.
This update ensures that openswan has just a single pending phase 2 request
during the time that host2 is down, and when host2 comes back up, only a single
new IPsec SA is established, thus preventing this bug. (BZ#852454)

All users of openswan are advised to upgrade to these updated packages, which
fix this bug.


Solution

Before applying this update, make sure all previously-released errata relevant
to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
openswan-2.6.32-19.el6_3.src.rpm
File outdated by:  RHSA-2014:0185
    MD5: 0341cb4c092fe3fd1a8695014ae32139
SHA-256: 6a8f96aad1e7d4147d89a75638a6b5b81cbff303f83ac22d45d61af462f581ef
 
IA-32:
openswan-2.6.32-19.el6_3.i686.rpm
File outdated by:  RHSA-2014:0185
    MD5: 2844d6fcad5d8ba44f709424b493e319
SHA-256: 02deefd2ab19a440da74992fa03ae1de7e9a2dd017fc42257981027ade0a7206
openswan-debuginfo-2.6.32-19.el6_3.i686.rpm
File outdated by:  RHSA-2014:0185
    MD5: 2841ee5e288f5c9756c9abb44797ee74
SHA-256: b0fc2ddae918b59e5a5d53de3429cd695fbd451623aa490e4bcf0623a2043c29
openswan-doc-2.6.32-19.el6_3.i686.rpm
File outdated by:  RHSA-2014:0185
    MD5: a5abe402cac80f2006b0d53270b43039
SHA-256: dbe53ad2b3da095528e442686176f939d3b30e4bd7d561ce21e4e33d236b7786
 
x86_64:
openswan-2.6.32-19.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0185
    MD5: 531487a180f57c7b0a80c0c9560c5155
SHA-256: fc251c095b159dab56b37dce7c096b2682f7e285db8a9ece52b9e49d8cbf9004
openswan-debuginfo-2.6.32-19.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0185
    MD5: 3af3c642ab6241d3aa25c8acd6ecd990
SHA-256: 7be1e951493c9bd908a1c1c50883d8117c0e4731aa6c893f4f0c96437e4c7b4a
openswan-doc-2.6.32-19.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0185
    MD5: 35a80f56389bc0b4268c26d061bc3f0a
SHA-256: 0452edbc3a1b9a32e45187c188f5d4e7fa0c6a5c7e0e3c6562c076dde19d2cb4
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
openswan-2.6.32-19.el6_3.src.rpm
File outdated by:  RHSA-2014:0185
    MD5: 0341cb4c092fe3fd1a8695014ae32139
SHA-256: 6a8f96aad1e7d4147d89a75638a6b5b81cbff303f83ac22d45d61af462f581ef
 
IA-32:
openswan-2.6.32-19.el6_3.i686.rpm
File outdated by:  RHSA-2014:0185
    MD5: 2844d6fcad5d8ba44f709424b493e319
SHA-256: 02deefd2ab19a440da74992fa03ae1de7e9a2dd017fc42257981027ade0a7206
openswan-debuginfo-2.6.32-19.el6_3.i686.rpm
File outdated by:  RHSA-2014:0185
    MD5: 2841ee5e288f5c9756c9abb44797ee74
SHA-256: b0fc2ddae918b59e5a5d53de3429cd695fbd451623aa490e4bcf0623a2043c29
openswan-doc-2.6.32-19.el6_3.i686.rpm
File outdated by:  RHSA-2014:0185
    MD5: a5abe402cac80f2006b0d53270b43039
SHA-256: dbe53ad2b3da095528e442686176f939d3b30e4bd7d561ce21e4e33d236b7786
 
PPC:
openswan-2.6.32-19.el6_3.ppc64.rpm
File outdated by:  RHSA-2014:0185
    MD5: 1e2ae50e9823dc47746a5a00ef3a8583
SHA-256: a3915c97aac796d8eb251e3c37baeec069b701971c30d3e1b7b3e34e23ee0d9f
openswan-debuginfo-2.6.32-19.el6_3.ppc64.rpm
File outdated by:  RHSA-2014:0185
    MD5: 7b6210411131b744553fc3dfafaa76a7
SHA-256: c349ddd46bb6499e6ef7f6cc01ef8f9dab6df05923b2dce5e80f1692419c57ac
openswan-doc-2.6.32-19.el6_3.ppc64.rpm
File outdated by:  RHSA-2014:0185
    MD5: 3c81a9a6ad55bfeceebe7d5003735eac
SHA-256: 7c8455305e49c09804f694850a0a0068ee103625f62dc7ace32aff41f179844e
 
s390x:
openswan-2.6.32-19.el6_3.s390x.rpm
File outdated by:  RHSA-2014:0185
    MD5: e0c07c9616d53b63eb9b43d3a8e48bf6
SHA-256: bd5b42168d75fa07ed89f60603052a7e2b3f19a0dd4df501241d169fa9b8ab0b
openswan-debuginfo-2.6.32-19.el6_3.s390x.rpm
File outdated by:  RHSA-2014:0185
    MD5: 6125e8ab0c9d9f4689f4cd2a0937c857
SHA-256: bbea8f822924c3b114e7b0c43ccaef9926f3a40669abcb53ef196d316a215c66
openswan-doc-2.6.32-19.el6_3.s390x.rpm
File outdated by:  RHSA-2014:0185
    MD5: 03d1065edaee40451c1fbd09b58a1e08
SHA-256: 0792446223a124b9c3b2c3ad1c9c282692d640970dec6e5463014bcf9bbe3ee0
 
x86_64:
openswan-2.6.32-19.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0185
    MD5: 531487a180f57c7b0a80c0c9560c5155
SHA-256: fc251c095b159dab56b37dce7c096b2682f7e285db8a9ece52b9e49d8cbf9004
openswan-debuginfo-2.6.32-19.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0185
    MD5: 3af3c642ab6241d3aa25c8acd6ecd990
SHA-256: 7be1e951493c9bd908a1c1c50883d8117c0e4731aa6c893f4f0c96437e4c7b4a
openswan-doc-2.6.32-19.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0185
    MD5: 35a80f56389bc0b4268c26d061bc3f0a
SHA-256: 0452edbc3a1b9a32e45187c188f5d4e7fa0c6a5c7e0e3c6562c076dde19d2cb4
 
Red Hat Enterprise Linux Server EUS (v. 6.3.z)

SRPMS:
openswan-2.6.32-19.el6_3.src.rpm
File outdated by:  RHSA-2014:0185
    MD5: 0341cb4c092fe3fd1a8695014ae32139
SHA-256: 6a8f96aad1e7d4147d89a75638a6b5b81cbff303f83ac22d45d61af462f581ef
 
IA-32:
openswan-2.6.32-19.el6_3.i686.rpm
File outdated by:  RHBA-2013:1161
    MD5: 2844d6fcad5d8ba44f709424b493e319
SHA-256: 02deefd2ab19a440da74992fa03ae1de7e9a2dd017fc42257981027ade0a7206
openswan-debuginfo-2.6.32-19.el6_3.i686.rpm
File outdated by:  RHBA-2013:1161
    MD5: 2841ee5e288f5c9756c9abb44797ee74
SHA-256: b0fc2ddae918b59e5a5d53de3429cd695fbd451623aa490e4bcf0623a2043c29
openswan-doc-2.6.32-19.el6_3.i686.rpm
File outdated by:  RHBA-2013:1161
    MD5: a5abe402cac80f2006b0d53270b43039
SHA-256: dbe53ad2b3da095528e442686176f939d3b30e4bd7d561ce21e4e33d236b7786
 
PPC:
openswan-2.6.32-19.el6_3.ppc64.rpm
File outdated by:  RHBA-2013:1161
    MD5: 1e2ae50e9823dc47746a5a00ef3a8583
SHA-256: a3915c97aac796d8eb251e3c37baeec069b701971c30d3e1b7b3e34e23ee0d9f
openswan-debuginfo-2.6.32-19.el6_3.ppc64.rpm
File outdated by:  RHBA-2013:1161
    MD5: 7b6210411131b744553fc3dfafaa76a7
SHA-256: c349ddd46bb6499e6ef7f6cc01ef8f9dab6df05923b2dce5e80f1692419c57ac
openswan-doc-2.6.32-19.el6_3.ppc64.rpm
File outdated by:  RHBA-2013:1161
    MD5: 3c81a9a6ad55bfeceebe7d5003735eac
SHA-256: 7c8455305e49c09804f694850a0a0068ee103625f62dc7ace32aff41f179844e
 
s390x:
openswan-2.6.32-19.el6_3.s390x.rpm
File outdated by:  RHBA-2013:1161
    MD5: e0c07c9616d53b63eb9b43d3a8e48bf6
SHA-256: bd5b42168d75fa07ed89f60603052a7e2b3f19a0dd4df501241d169fa9b8ab0b
openswan-debuginfo-2.6.32-19.el6_3.s390x.rpm
File outdated by:  RHBA-2013:1161
    MD5: 6125e8ab0c9d9f4689f4cd2a0937c857
SHA-256: bbea8f822924c3b114e7b0c43ccaef9926f3a40669abcb53ef196d316a215c66
openswan-doc-2.6.32-19.el6_3.s390x.rpm
File outdated by:  RHBA-2013:1161
    MD5: 03d1065edaee40451c1fbd09b58a1e08
SHA-256: 0792446223a124b9c3b2c3ad1c9c282692d640970dec6e5463014bcf9bbe3ee0
 
x86_64:
openswan-2.6.32-19.el6_3.x86_64.rpm
File outdated by:  RHBA-2013:1161
    MD5: 531487a180f57c7b0a80c0c9560c5155
SHA-256: fc251c095b159dab56b37dce7c096b2682f7e285db8a9ece52b9e49d8cbf9004
openswan-debuginfo-2.6.32-19.el6_3.x86_64.rpm
File outdated by:  RHBA-2013:1161
    MD5: 3af3c642ab6241d3aa25c8acd6ecd990
SHA-256: 7be1e951493c9bd908a1c1c50883d8117c0e4731aa6c893f4f0c96437e4c7b4a
openswan-doc-2.6.32-19.el6_3.x86_64.rpm
File outdated by:  RHBA-2013:1161
    MD5: 35a80f56389bc0b4268c26d061bc3f0a
SHA-256: 0452edbc3a1b9a32e45187c188f5d4e7fa0c6a5c7e0e3c6562c076dde19d2cb4
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
openswan-2.6.32-19.el6_3.src.rpm
File outdated by:  RHSA-2014:0185
    MD5: 0341cb4c092fe3fd1a8695014ae32139
SHA-256: 6a8f96aad1e7d4147d89a75638a6b5b81cbff303f83ac22d45d61af462f581ef
 
IA-32:
openswan-2.6.32-19.el6_3.i686.rpm
File outdated by:  RHSA-2014:0185
    MD5: 2844d6fcad5d8ba44f709424b493e319
SHA-256: 02deefd2ab19a440da74992fa03ae1de7e9a2dd017fc42257981027ade0a7206
openswan-debuginfo-2.6.32-19.el6_3.i686.rpm
File outdated by:  RHSA-2014:0185
    MD5: 2841ee5e288f5c9756c9abb44797ee74
SHA-256: b0fc2ddae918b59e5a5d53de3429cd695fbd451623aa490e4bcf0623a2043c29
openswan-doc-2.6.32-19.el6_3.i686.rpm
File outdated by:  RHSA-2014:0185
    MD5: a5abe402cac80f2006b0d53270b43039
SHA-256: dbe53ad2b3da095528e442686176f939d3b30e4bd7d561ce21e4e33d236b7786
 
x86_64:
openswan-2.6.32-19.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0185
    MD5: 531487a180f57c7b0a80c0c9560c5155
SHA-256: fc251c095b159dab56b37dce7c096b2682f7e285db8a9ece52b9e49d8cbf9004
openswan-debuginfo-2.6.32-19.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0185
    MD5: 3af3c642ab6241d3aa25c8acd6ecd990
SHA-256: 7be1e951493c9bd908a1c1c50883d8117c0e4731aa6c893f4f0c96437e4c7b4a
openswan-doc-2.6.32-19.el6_3.x86_64.rpm
File outdated by:  RHSA-2014:0185
    MD5: 35a80f56389bc0b4268c26d061bc3f0a
SHA-256: 0452edbc3a1b9a32e45187c188f5d4e7fa0c6a5c7e0e3c6562c076dde19d2cb4
 
(The unlinked packages above are only available from the Red Hat Network)


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/