- Issued: 2010-05-27
- Updated: 2010-05-27
RHEA-2010:0444 - Product Enhancement Advisory
Synopsis
Openswan enhancement update
Type/Severity
Product Enhancement Advisory
Topic
Updated openswan packages that implement Diffie-Hellman groups 22, 23 and
24 from RFC 5114 are now available.
Description
Openswan is a free implementation of Internet Protocol Security (IPsec) and
Internet Key Exchange (IKE) for Linux. IPsec uses strong cryptography to
provide both authentication and encryption services. These services allow
you to build secure tunnels through untrusted networks. Everything passing
through the untrusted net is encrypted by the IPsec gateway machine and
decrypted by the gateway at the other end of the tunnel. The resulting
tunnel is a virtual private network, or VPN.
These packages contain the daemons and userland tools for setting up
openswan. They support the NETKEY/XFRM IPsec stack in the default Linux
kernel. The openswan 2.6.x-series also supports IKEv2 as described in RFC
4309.
This update adds the following enhancement:
- RFC 5114, Additional Diffie-Hellman Groups for Use with IETF Standards,
adds eight Diffie-Hellman groups (three prime modulus groups and five
elliptic curve groups) to the extant 21 groups set out in previous RFCs (e.g.,
RFCs 2409, 3526 and 4492) for use with IKE, TLS, SSH and so on.
This update implements groups 22, 23 and 24: a 1024-bit MODular exPonential
(MODP) Group with 160-bit Prime Order Subgroup; a 2048-bit MODP Group with
224-bit Prime Order Subgroup; and a 2048-bit MODP Group with 256-bit Prime
Order Subgroup respectively. (BZ#591104)
Note: implementation of group 24 (a 2048-bit MODP Group with 256-bit Prime
Order Subgroup) is required for US National Institute of Standards and
Technology (NIST) IPv6 compliance and ongoing FIPS-140 certification.
All openswan users should install these updated packages, which add this
enhancement.
Solution
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
Affected Products
- Red Hat Enterprise Linux Server 5 x86_64
- Red Hat Enterprise Linux Server 5 ia64
- Red Hat Enterprise Linux Server 5 i386
- Red Hat Enterprise Linux Workstation 5 x86_64
- Red Hat Enterprise Linux Workstation 5 i386
- Red Hat Enterprise Linux Desktop 5 x86_64
- Red Hat Enterprise Linux Desktop 5 i386
- Red Hat Enterprise Linux for IBM z Systems 5 s390x
- Red Hat Enterprise Linux for Power, big endian 5 ppc
- Red Hat Enterprise Linux Server from RHUI 5 x86_64
- Red Hat Enterprise Linux Server from RHUI 5 i386
Fixes
- BZ - 591105 - Implementation of new Diffie-Hellman groups described in RFC 5114
CVEs
(none)
Red Hat Enterprise Linux Server 5
SRPM | |
---|---|
openswan-2.6.21-5.el5_5.3.src.rpm | SHA-256: a0b9fe6125fd0dcf6f6345c4700beb435e96d2e91015461dbada0a721b1d9f21 |
x86_64 | |
openswan-2.6.21-5.el5_5.3.x86_64.rpm | SHA-256: 00b81ec3f90d0f05ef4e37d30188ae001011d04274f94994d2e1ca8b75fae8fa |
openswan-doc-2.6.21-5.el5_5.3.x86_64.rpm | SHA-256: 7065438e55c8d1d4a29f04e82a7b33bfb0f9f4e079222412394e91d6aea0fec2 |
ia64 | |
openswan-2.6.21-5.el5_5.3.ia64.rpm | SHA-256: 5f686ca3cbfbbc96cd444dd28bf8bee5796c223abfb79d04cac50ea035b36c62 |
openswan-doc-2.6.21-5.el5_5.3.ia64.rpm | SHA-256: 8522c98783b8ad18830ec591941fc40e687c38b9b11e63fa4af0089d2cb5fe9d |
i386 | |
openswan-2.6.21-5.el5_5.3.i386.rpm | SHA-256: 98f17a872dd7c8e741b52f697e33c9d54a36e911a4b1f74991119b06827870c4 |
openswan-doc-2.6.21-5.el5_5.3.i386.rpm | SHA-256: 3079c533335759339424608b991a3845ee83ac976f564631647b973e53ded6b4 |
Red Hat Enterprise Linux Workstation 5
SRPM | |
---|---|
openswan-2.6.21-5.el5_5.3.src.rpm | SHA-256: a0b9fe6125fd0dcf6f6345c4700beb435e96d2e91015461dbada0a721b1d9f21 |
x86_64 | |
openswan-2.6.21-5.el5_5.3.x86_64.rpm | SHA-256: 00b81ec3f90d0f05ef4e37d30188ae001011d04274f94994d2e1ca8b75fae8fa |
openswan-doc-2.6.21-5.el5_5.3.x86_64.rpm | SHA-256: 7065438e55c8d1d4a29f04e82a7b33bfb0f9f4e079222412394e91d6aea0fec2 |
i386 | |
openswan-2.6.21-5.el5_5.3.i386.rpm | SHA-256: 98f17a872dd7c8e741b52f697e33c9d54a36e911a4b1f74991119b06827870c4 |
openswan-doc-2.6.21-5.el5_5.3.i386.rpm | SHA-256: 3079c533335759339424608b991a3845ee83ac976f564631647b973e53ded6b4 |
Red Hat Enterprise Linux Desktop 5
SRPM | |
---|---|
openswan-2.6.21-5.el5_5.3.src.rpm | SHA-256: a0b9fe6125fd0dcf6f6345c4700beb435e96d2e91015461dbada0a721b1d9f21 |
x86_64 | |
openswan-2.6.21-5.el5_5.3.x86_64.rpm | SHA-256: 00b81ec3f90d0f05ef4e37d30188ae001011d04274f94994d2e1ca8b75fae8fa |
openswan-doc-2.6.21-5.el5_5.3.x86_64.rpm | SHA-256: 7065438e55c8d1d4a29f04e82a7b33bfb0f9f4e079222412394e91d6aea0fec2 |
i386 | |
openswan-2.6.21-5.el5_5.3.i386.rpm | SHA-256: 98f17a872dd7c8e741b52f697e33c9d54a36e911a4b1f74991119b06827870c4 |
openswan-doc-2.6.21-5.el5_5.3.i386.rpm | SHA-256: 3079c533335759339424608b991a3845ee83ac976f564631647b973e53ded6b4 |
Red Hat Enterprise Linux for IBM z Systems 5
SRPM | |
---|---|
openswan-2.6.21-5.el5_5.3.src.rpm | SHA-256: a0b9fe6125fd0dcf6f6345c4700beb435e96d2e91015461dbada0a721b1d9f21 |
s390x | |
openswan-2.6.21-5.el5_5.3.s390x.rpm | SHA-256: ddbf752bc0c5d8f7638646bf52dedd8e0b27c609657d107eb6e85a1a14530c08 |
openswan-doc-2.6.21-5.el5_5.3.s390x.rpm | SHA-256: eac1a29bb28a359e297742a5b9859ed745471c2d8aac2179c04f13b2f529dc3d |
Red Hat Enterprise Linux for Power, big endian 5
SRPM | |
---|---|
openswan-2.6.21-5.el5_5.3.src.rpm | SHA-256: a0b9fe6125fd0dcf6f6345c4700beb435e96d2e91015461dbada0a721b1d9f21 |
ppc | |
openswan-2.6.21-5.el5_5.3.ppc.rpm | SHA-256: 5d22650398f08dafa3e983819c06a0769f8c2cd24d747afdd75aa8310bca8089 |
openswan-doc-2.6.21-5.el5_5.3.ppc.rpm | SHA-256: 4c80941bd50c6ce59fe11ba9da869ba7d4e3681b41cfff809b01fd153ab6e3a2 |
Red Hat Enterprise Linux Server from RHUI 5
SRPM | |
---|---|
openswan-2.6.21-5.el5_5.3.src.rpm | SHA-256: a0b9fe6125fd0dcf6f6345c4700beb435e96d2e91015461dbada0a721b1d9f21 |
x86_64 | |
openswan-2.6.21-5.el5_5.3.x86_64.rpm | SHA-256: 00b81ec3f90d0f05ef4e37d30188ae001011d04274f94994d2e1ca8b75fae8fa |
openswan-doc-2.6.21-5.el5_5.3.x86_64.rpm | SHA-256: 7065438e55c8d1d4a29f04e82a7b33bfb0f9f4e079222412394e91d6aea0fec2 |
i386 | |
openswan-2.6.21-5.el5_5.3.i386.rpm | SHA-256: 98f17a872dd7c8e741b52f697e33c9d54a36e911a4b1f74991119b06827870c4 |
openswan-doc-2.6.21-5.el5_5.3.i386.rpm | SHA-256: 3079c533335759339424608b991a3845ee83ac976f564631647b973e53ded6b4 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.