Security Advisory Moderate: openswan security update

Advisory: RHSA-2011:1422-1
Type: Security Advisory
Severity: Moderate
Issued on: 2011-11-02
Last updated on: 2011-11-02
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server EUS (v. 6.1.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2011-4073

Details

Updated openswan packages that fix one security issue are now available for
Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Openswan is a free implementation of Internet Protocol Security (IPsec)
and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide
both authentication and encryption services. These services allow you to
build secure tunnels through untrusted networks.

A use-after-free flaw was found in the way Openswan's pluto IKE daemon used
cryptographic helpers. A remote, authenticated attacker could send a
specially-crafted IKE packet that would crash the pluto daemon. This issue
only affected SMP (symmetric multiprocessing) systems that have the
cryptographic helpers enabled. The helpers are disabled by default on Red
Hat Enterprise Linux 5, but enabled by default on Red Hat Enterprise Linux
6. (CVE-2011-4073)
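
The three conditions above (an unpatched build, an SMP host, helpers enabled) can be checked per host. The following is an added example, not Red Hat's or Openswan's code; it uses a simplified RPM version comparison, takes the fixed builds from this advisory, and assumes the helpers are controlled by the `nhelpers` setting in ipsec.conf, which the advisory does not name. The sample inputs are constructed.

```python
import re

# Fixed builds named in this advisory, keyed by RHEL major release.
FIXED = {"5": ("2.6.21", "5.el5_7.6"), "6": ("2.6.32", "4.el6_1.4")}

def _segments(s):
    # Like rpmvercmp: runs of digits or letters; separators are ignored.
    return re.findall(r"\d+|[A-Za-z]+", s)

def vercmp(a, b):
    """Simplified rpmvercmp (no '~' or '^' handling): returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment sorts newer
        if x != y:
            return -1 if x < y else 1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_patched(version, release):
    m = re.search(r"\.el(\d+)", release)
    if not m or m.group(1) not in FIXED:
        raise ValueError("release not covered by this advisory: " + release)
    fixed_ver, fixed_rel = FIXED[m.group(1)]
    c = vercmp(version, fixed_ver)
    return c > 0 or (c == 0 and vercmp(release, fixed_rel) >= 0)

def helpers_enabled(ipsec_conf):
    # Assumption: only an explicit nhelpers=0 counts as "helpers off";
    # a missing setting is treated as enabled (the cautious reading).
    for line in ipsec_conf.splitlines():
        m = re.match(r"\s*nhelpers\s*=\s*(-?\d+)", line.split("#")[0])
        if m:
            return int(m.group(1)) != 0
    return True

def exposed(version, release, cpu_count, ipsec_conf):
    """True when all three conditions from the advisory text hold."""
    return (not is_patched(version, release)
            and cpu_count > 1
            and helpers_enabled(ipsec_conf))

if __name__ == "__main__":
    # Constructed sample: an older el6 build, 4 CPUs, no nhelpers line.
    conf = "config setup\n\tprotostack=netkey\n"
    print(exposed("2.6.32", "4.el6_1.2", 4, conf))
```

On a real host the version and release can be read with `rpm -q --qf '%{VERSION} %{RELEASE}\n' openswan` and the CPU count with `nproc`.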

Red Hat would like to thank the Openswan project for reporting this issue.
Upstream acknowledges Petar Tsankov, Mohammad Torabi Dashti and David Basin
of the information security group at ETH Zurich as the original reporters.

All users of openswan are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. After installing
this update, the ipsec service will be restarted automatically.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
openswan-2.6.21-5.el5_7.6.src.rpm
File outdated by: RHSA-2014:0185

IA-32:
openswan-2.6.21-5.el5_7.6.i386.rpm
File outdated by: RHSA-2014:0185
openswan-doc-2.6.21-5.el5_7.6.i386.rpm
File outdated by: RHSA-2014:0185

IA-64:
openswan-2.6.21-5.el5_7.6.ia64.rpm
File outdated by: RHSA-2014:0185
openswan-doc-2.6.21-5.el5_7.6.ia64.rpm
File outdated by: RHSA-2014:0185

PPC:
openswan-2.6.21-5.el5_7.6.ppc.rpm
File outdated by: RHSA-2014:0185
openswan-doc-2.6.21-5.el5_7.6.ppc.rpm
File outdated by: RHSA-2014:0185

s390x:
openswan-2.6.21-5.el5_7.6.s390x.rpm
File outdated by: RHSA-2014:0185
openswan-doc-2.6.21-5.el5_7.6.s390x.rpm
File outdated by: RHSA-2014:0185

x86_64:
openswan-2.6.21-5.el5_7.6.x86_64.rpm
File outdated by: RHSA-2014:0185
openswan-doc-2.6.21-5.el5_7.6.x86_64.rpm
File outdated by: RHSA-2014:0185
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
openswan-2.6.21-5.el5_7.6.src.rpm
File outdated by: RHSA-2014:0185

IA-32:
openswan-2.6.21-5.el5_7.6.i386.rpm
File outdated by: RHSA-2014:0185
openswan-doc-2.6.21-5.el5_7.6.i386.rpm
File outdated by: RHSA-2014:0185

x86_64:
openswan-2.6.21-5.el5_7.6.x86_64.rpm
File outdated by: RHSA-2014:0185
openswan-doc-2.6.21-5.el5_7.6.x86_64.rpm
File outdated by: RHSA-2014:0185
 
Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
openswan-2.6.32-4.el6_1.4.src.rpm
File outdated by: RHSA-2014:0185

IA-32:
openswan-2.6.32-4.el6_1.4.i686.rpm
File outdated by: RHSA-2014:0185
openswan-debuginfo-2.6.32-4.el6_1.4.i686.rpm
File outdated by: RHSA-2014:0185
openswan-doc-2.6.32-4.el6_1.4.i686.rpm
File outdated by: RHSA-2014:0185

x86_64:
openswan-2.6.32-4.el6_1.4.x86_64.rpm
File outdated by: RHSA-2014:0185
openswan-debuginfo-2.6.32-4.el6_1.4.x86_64.rpm
File outdated by: RHSA-2014:0185
openswan-doc-2.6.32-4.el6_1.4.x86_64.rpm
File outdated by: RHSA-2014:0185
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
openswan-2.6.32-4.el6_1.4.src.rpm
File outdated by: RHSA-2014:0185

IA-32:
openswan-2.6.32-4.el6_1.4.i686.rpm
File outdated by: RHSA-2014:0185
openswan-debuginfo-2.6.32-4.el6_1.4.i686.rpm
File outdated by: RHSA-2014:0185
openswan-doc-2.6.32-4.el6_1.4.i686.rpm
File outdated by: RHSA-2014:0185

PPC:
openswan-2.6.32-4.el6_1.4.ppc64.rpm
File outdated by: RHSA-2014:0185
openswan-debuginfo-2.6.32-4.el6_1.4.ppc64.rpm
File outdated by: RHSA-2014:0185
openswan-doc-2.6.32-4.el6_1.4.ppc64.rpm
File outdated by: RHSA-2014:0185

s390x:
openswan-2.6.32-4.el6_1.4.s390x.rpm
File outdated by: RHSA-2014:0185
openswan-debuginfo-2.6.32-4.el6_1.4.s390x.rpm
File outdated by: RHSA-2014:0185
openswan-doc-2.6.32-4.el6_1.4.s390x.rpm
File outdated by: RHSA-2014:0185

x86_64:
openswan-2.6.32-4.el6_1.4.x86_64.rpm
File outdated by: RHSA-2014:0185
openswan-debuginfo-2.6.32-4.el6_1.4.x86_64.rpm
File outdated by: RHSA-2014:0185
openswan-doc-2.6.32-4.el6_1.4.x86_64.rpm
File outdated by: RHSA-2014:0185
 
Red Hat Enterprise Linux Server EUS (v. 6.1.z)

SRPMS:
openswan-2.6.32-4.el6_1.4.src.rpm
File outdated by: RHSA-2014:0185

IA-32:
openswan-2.6.32-4.el6_1.4.i686.rpm
openswan-debuginfo-2.6.32-4.el6_1.4.i686.rpm
openswan-doc-2.6.32-4.el6_1.4.i686.rpm

PPC:
openswan-2.6.32-4.el6_1.4.ppc64.rpm
openswan-debuginfo-2.6.32-4.el6_1.4.ppc64.rpm
openswan-doc-2.6.32-4.el6_1.4.ppc64.rpm

s390x:
openswan-2.6.32-4.el6_1.4.s390x.rpm
openswan-debuginfo-2.6.32-4.el6_1.4.s390x.rpm
openswan-doc-2.6.32-4.el6_1.4.s390x.rpm

x86_64:
openswan-2.6.32-4.el6_1.4.x86_64.rpm
openswan-debuginfo-2.6.32-4.el6_1.4.x86_64.rpm
openswan-doc-2.6.32-4.el6_1.4.x86_64.rpm
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
openswan-2.6.32-4.el6_1.4.src.rpm
File outdated by: RHSA-2014:0185

IA-32:
openswan-2.6.32-4.el6_1.4.i686.rpm
File outdated by: RHSA-2014:0185
openswan-debuginfo-2.6.32-4.el6_1.4.i686.rpm
File outdated by: RHSA-2014:0185
openswan-doc-2.6.32-4.el6_1.4.i686.rpm
File outdated by: RHSA-2014:0185

x86_64:
openswan-2.6.32-4.el6_1.4.x86_64.rpm
File outdated by: RHSA-2014:0185
openswan-debuginfo-2.6.32-4.el6_1.4.x86_64.rpm
File outdated by: RHSA-2014:0185
openswan-doc-2.6.32-4.el6_1.4.x86_64.rpm
File outdated by: RHSA-2014:0185
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

748961 - CVE-2011-4073 openswan: use-after-free vulnerability leads to DoS


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/