Security Advisory Moderate: openswan security update

Advisory: RHSA-2014:0185-1
Type: Security Advisory
Severity: Moderate
Issued on: 2014-02-18
Last updated on: 2014-02-18
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server AUS (v. 6.5)
Red Hat Enterprise Linux Server EUS (v. 6.5.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2013-6466

Details

Updated openswan packages that fix one security issue are now available for
Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Openswan is a free implementation of Internet Protocol Security (IPsec) and
Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both
authentication and encryption services. These services allow you to build
secure tunnels through untrusted networks.

A NULL pointer dereference flaw was discovered in the way Openswan's IKE
daemon processed IKEv2 payloads. A remote attacker could send specially
crafted IKEv2 payloads that, when processed, would lead to a denial of
service (daemon crash), possibly causing existing VPN connections to be
dropped. (CVE-2013-6466)

All openswan users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
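
To confirm that a host already carries the fix, its installed openswan version-release can be compared against the fixed builds listed under "Updated packages". The following Python is an added example, not Red Hat tooling: it reimplements RPM's segment-wise version ordering in simplified form (epoch, `~` and `^` are not handled, on the assumption that the builds named here do not need them), and the installed values in it are constructed samples.

```python
import re

# Fixed builds from this advisory, keyed by RHEL major version.
FIXED = {"5": ("2.6.32", "7.3.el5_10"), "6": ("2.6.32", "27.2.el6_5")}

_SEG = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Order two version or release strings as RPM does (simplified).

    Returns 1 if a is newer, -1 if a is older, 0 if they are equal.
    """
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)             # 10 > 9, unlike a string compare
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def has_fix(version_release):
    """True if an installed openswan VERSION-RELEASE is at or above the fix."""
    # Expected input: rpm -q --qf '%{VERSION}-%{RELEASE}\n' openswan
    version, _, release = version_release.strip().rpartition("-")
    dist = re.search(r"\.el([0-9]+)", release)
    if not version or not dist or dist.group(1) not in FIXED:
        raise ValueError("not a RHEL 5/6 openswan build: %r" % version_release)
    fixed_version, fixed_release = FIXED[dist.group(1)]
    order = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return order >= 0


if __name__ == "__main__":
    # Constructed sample values, not taken from a real host.
    for installed in ("2.6.32-27.el6", "2.6.32-27.2.el6_5", "2.6.32-7.2.el5_9"):
        print(installed, "fixed" if has_fix(installed) else "needs update")
```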

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
openswan-2.6.32-7.3.el5_10.src.rpm
File outdated by: RHBA-2014:1223

IA-32:
openswan-2.6.32-7.3.el5_10.i386.rpm
File outdated by: RHBA-2014:1223
openswan-debuginfo-2.6.32-7.3.el5_10.i386.rpm
File outdated by: RHBA-2014:1223
openswan-doc-2.6.32-7.3.el5_10.i386.rpm
File outdated by: RHBA-2014:1223

IA-64:
openswan-2.6.32-7.3.el5_10.ia64.rpm
File outdated by: RHBA-2014:1223
openswan-debuginfo-2.6.32-7.3.el5_10.ia64.rpm
File outdated by: RHBA-2014:1223
openswan-doc-2.6.32-7.3.el5_10.ia64.rpm
File outdated by: RHBA-2014:1223

PPC:
openswan-2.6.32-7.3.el5_10.ppc.rpm
File outdated by: RHBA-2014:1223
openswan-debuginfo-2.6.32-7.3.el5_10.ppc.rpm
File outdated by: RHBA-2014:1223
openswan-doc-2.6.32-7.3.el5_10.ppc.rpm
File outdated by: RHBA-2014:1223

s390x:
openswan-2.6.32-7.3.el5_10.s390x.rpm
File outdated by: RHBA-2014:1223
openswan-debuginfo-2.6.32-7.3.el5_10.s390x.rpm
File outdated by: RHBA-2014:1223
openswan-doc-2.6.32-7.3.el5_10.s390x.rpm
File outdated by: RHBA-2014:1223

x86_64:
openswan-2.6.32-7.3.el5_10.x86_64.rpm
File outdated by: RHBA-2014:1223
openswan-debuginfo-2.6.32-7.3.el5_10.x86_64.rpm
File outdated by: RHBA-2014:1223
openswan-doc-2.6.32-7.3.el5_10.x86_64.rpm
File outdated by: RHBA-2014:1223
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
openswan-2.6.32-7.3.el5_10.src.rpm
File outdated by: RHBA-2014:1223

IA-32:
openswan-2.6.32-7.3.el5_10.i386.rpm
File outdated by: RHBA-2014:1223
openswan-debuginfo-2.6.32-7.3.el5_10.i386.rpm
File outdated by: RHBA-2014:1223
openswan-doc-2.6.32-7.3.el5_10.i386.rpm
File outdated by: RHBA-2014:1223

x86_64:
openswan-2.6.32-7.3.el5_10.x86_64.rpm
File outdated by: RHBA-2014:1223
openswan-debuginfo-2.6.32-7.3.el5_10.x86_64.rpm
File outdated by: RHBA-2014:1223
openswan-doc-2.6.32-7.3.el5_10.x86_64.rpm
File outdated by: RHBA-2014:1223
 
Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
openswan-2.6.32-27.2.el6_5.src.rpm
File outdated by: RHBA-2014:1588

IA-32:
openswan-2.6.32-27.2.el6_5.i686.rpm
File outdated by: RHBA-2014:1588
openswan-debuginfo-2.6.32-27.2.el6_5.i686.rpm
File outdated by: RHBA-2014:1588
openswan-doc-2.6.32-27.2.el6_5.i686.rpm
File outdated by: RHBA-2014:1588

x86_64:
openswan-2.6.32-27.2.el6_5.x86_64.rpm
File outdated by: RHBA-2014:1588
openswan-debuginfo-2.6.32-27.2.el6_5.x86_64.rpm
File outdated by: RHBA-2014:1588
openswan-doc-2.6.32-27.2.el6_5.x86_64.rpm
File outdated by: RHBA-2014:1588
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
openswan-2.6.32-27.2.el6_5.src.rpm
File outdated by: RHBA-2014:1588

IA-32:
openswan-2.6.32-27.2.el6_5.i686.rpm
File outdated by: RHBA-2014:1588
openswan-debuginfo-2.6.32-27.2.el6_5.i686.rpm
File outdated by: RHBA-2014:1588
openswan-doc-2.6.32-27.2.el6_5.i686.rpm
File outdated by: RHBA-2014:1588

PPC:
openswan-2.6.32-27.2.el6_5.ppc64.rpm
File outdated by: RHBA-2014:1588
openswan-debuginfo-2.6.32-27.2.el6_5.ppc64.rpm
File outdated by: RHBA-2014:1588
openswan-doc-2.6.32-27.2.el6_5.ppc64.rpm
File outdated by: RHBA-2014:1588

s390x:
openswan-2.6.32-27.2.el6_5.s390x.rpm
File outdated by: RHBA-2014:1588
openswan-debuginfo-2.6.32-27.2.el6_5.s390x.rpm
File outdated by: RHBA-2014:1588
openswan-doc-2.6.32-27.2.el6_5.s390x.rpm
File outdated by: RHBA-2014:1588

x86_64:
openswan-2.6.32-27.2.el6_5.x86_64.rpm
File outdated by: RHBA-2014:1588
openswan-debuginfo-2.6.32-27.2.el6_5.x86_64.rpm
File outdated by: RHBA-2014:1588
openswan-doc-2.6.32-27.2.el6_5.x86_64.rpm
File outdated by: RHBA-2014:1588
 
Red Hat Enterprise Linux Server AUS (v. 6.5)

SRPMS:
openswan-2.6.32-27.2.el6_5.src.rpm
File outdated by: RHBA-2014:1588

x86_64:
openswan-2.6.32-27.2.el6_5.x86_64.rpm
File outdated by: RHBA-2014:0519
openswan-debuginfo-2.6.32-27.2.el6_5.x86_64.rpm
File outdated by: RHBA-2014:0519
openswan-doc-2.6.32-27.2.el6_5.x86_64.rpm
File outdated by: RHBA-2014:0519
 
Red Hat Enterprise Linux Server EUS (v. 6.5.z)

SRPMS:
openswan-2.6.32-27.2.el6_5.src.rpm
File outdated by: RHBA-2014:1588

IA-32:
openswan-2.6.32-27.2.el6_5.i686.rpm
File outdated by: RHBA-2014:0519
openswan-debuginfo-2.6.32-27.2.el6_5.i686.rpm
File outdated by: RHBA-2014:0519
openswan-doc-2.6.32-27.2.el6_5.i686.rpm
File outdated by: RHBA-2014:0519

PPC:
openswan-2.6.32-27.2.el6_5.ppc64.rpm
File outdated by: RHBA-2014:0519
openswan-debuginfo-2.6.32-27.2.el6_5.ppc64.rpm
File outdated by: RHBA-2014:0519
openswan-doc-2.6.32-27.2.el6_5.ppc64.rpm
File outdated by: RHBA-2014:0519

s390x:
openswan-2.6.32-27.2.el6_5.s390x.rpm
File outdated by: RHBA-2014:0519
openswan-debuginfo-2.6.32-27.2.el6_5.s390x.rpm
File outdated by: RHBA-2014:0519
openswan-doc-2.6.32-27.2.el6_5.s390x.rpm
File outdated by: RHBA-2014:0519

x86_64:
openswan-2.6.32-27.2.el6_5.x86_64.rpm
File outdated by: RHBA-2014:0519
openswan-debuginfo-2.6.32-27.2.el6_5.x86_64.rpm
File outdated by: RHBA-2014:0519
openswan-doc-2.6.32-27.2.el6_5.x86_64.rpm
File outdated by: RHBA-2014:0519
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
openswan-2.6.32-27.2.el6_5.src.rpm
File outdated by: RHBA-2014:1588

IA-32:
openswan-2.6.32-27.2.el6_5.i686.rpm
File outdated by: RHBA-2014:1588
openswan-debuginfo-2.6.32-27.2.el6_5.i686.rpm
File outdated by: RHBA-2014:1588
openswan-doc-2.6.32-27.2.el6_5.i686.rpm
File outdated by: RHBA-2014:1588

x86_64:
openswan-2.6.32-27.2.el6_5.x86_64.rpm
File outdated by: RHBA-2014:1588
openswan-debuginfo-2.6.32-27.2.el6_5.x86_64.rpm
File outdated by: RHBA-2014:1588
openswan-doc-2.6.32-27.2.el6_5.x86_64.rpm
File outdated by: RHBA-2014:1588
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1050277 - CVE-2013-6466 openswan: dereferencing missing IKEv2 payloads causes pluto daemon to restart


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/