Headline
Red Hat Security Advisory 2023-2124-01
Red Hat Security Advisory 2023-2124-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: libreswan security update
Advisory ID: RHSA-2023:2124-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:2124
Issue date: 2023-05-04
CVE Names: CVE-2023-30570
=====================================================================
- Summary:
An update for libreswan is now available for Red Hat Enterprise Linux 8.2
Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications
Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP
Solutions.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream AUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64
- Description:
Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the
Internet Protocol Security and uses strong cryptography to provide both
authentication and encryption services. These services allow you to build
secure tunnels through untrusted networks such as virtual private network
(VPN).
Security Fix(es):
- libreswan: Malicious IKEv1 Aggressive Mode packets can crash libreswan
(CVE-2023-30570)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
2187165 - CVE-2023-30570 libreswan: Malicious IKEv1 Aggressive Mode packets can crash libreswan
- Package List:
Red Hat Enterprise Linux AppStream AUS (v. 8.2):
Source:
libreswan-3.29-7.el8_2.2.src.rpm
aarch64:
libreswan-3.29-7.el8_2.2.aarch64.rpm
libreswan-debuginfo-3.29-7.el8_2.2.aarch64.rpm
libreswan-debugsource-3.29-7.el8_2.2.aarch64.rpm
ppc64le:
libreswan-3.29-7.el8_2.2.ppc64le.rpm
libreswan-debuginfo-3.29-7.el8_2.2.ppc64le.rpm
libreswan-debugsource-3.29-7.el8_2.2.ppc64le.rpm
s390x:
libreswan-3.29-7.el8_2.2.s390x.rpm
libreswan-debuginfo-3.29-7.el8_2.2.s390x.rpm
libreswan-debugsource-3.29-7.el8_2.2.s390x.rpm
x86_64:
libreswan-3.29-7.el8_2.2.x86_64.rpm
libreswan-debuginfo-3.29-7.el8_2.2.x86_64.rpm
libreswan-debugsource-3.29-7.el8_2.2.x86_64.rpm
Red Hat Enterprise Linux AppStream E4S (v. 8.2):
Source:
libreswan-3.29-7.el8_2.2.src.rpm
aarch64:
libreswan-3.29-7.el8_2.2.aarch64.rpm
libreswan-debuginfo-3.29-7.el8_2.2.aarch64.rpm
libreswan-debugsource-3.29-7.el8_2.2.aarch64.rpm
ppc64le:
libreswan-3.29-7.el8_2.2.ppc64le.rpm
libreswan-debuginfo-3.29-7.el8_2.2.ppc64le.rpm
libreswan-debugsource-3.29-7.el8_2.2.ppc64le.rpm
s390x:
libreswan-3.29-7.el8_2.2.s390x.rpm
libreswan-debuginfo-3.29-7.el8_2.2.s390x.rpm
libreswan-debugsource-3.29-7.el8_2.2.s390x.rpm
x86_64:
libreswan-3.29-7.el8_2.2.x86_64.rpm
libreswan-debuginfo-3.29-7.el8_2.2.x86_64.rpm
libreswan-debugsource-3.29-7.el8_2.2.x86_64.rpm
Red Hat Enterprise Linux AppStream TUS (v. 8.2):
Source:
libreswan-3.29-7.el8_2.2.src.rpm
aarch64:
libreswan-3.29-7.el8_2.2.aarch64.rpm
libreswan-debuginfo-3.29-7.el8_2.2.aarch64.rpm
libreswan-debugsource-3.29-7.el8_2.2.aarch64.rpm
ppc64le:
libreswan-3.29-7.el8_2.2.ppc64le.rpm
libreswan-debuginfo-3.29-7.el8_2.2.ppc64le.rpm
libreswan-debugsource-3.29-7.el8_2.2.ppc64le.rpm
s390x:
libreswan-3.29-7.el8_2.2.s390x.rpm
libreswan-debuginfo-3.29-7.el8_2.2.s390x.rpm
libreswan-debugsource-3.29-7.el8_2.2.s390x.rpm
x86_64:
libreswan-3.29-7.el8_2.2.x86_64.rpm
libreswan-debuginfo-3.29-7.el8_2.2.x86_64.rpm
libreswan-debugsource-3.29-7.el8_2.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2023-30570
https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is [email protected]. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBZFPxtNzjgjWX9erEAQi8NhAAk2HzRhscOmVIfgUON7ge2SIWkQ0ye0lf
6xanBh+lBCPYXRtgzGn8TXrvn/2cw81vMAYZq5TLfFkU6ct45ELCy1p9ehlQr8Ws
jZKQFetbrJvywvdpwwOGI9H4OYSYCDbmP37PYdUzQNLYzeRxkECpOlfeOJaruVIk
FGEus7upC33EPP9tBEqzD8qt7aj+wgP/AsYqn+Jn9cYOVEGJC8SymGNvJP6eQFPy
Ms6AWe+PWX8HtgxgTU68kFWVzaTOZ9WH4zi31iQEK7o9BVkjeAGQmVMHvMRM2UYg
Uc2G4DmlCEY8BFcCa/zbrDX2jDroTzGsc8VRN8R688S5uNDEMoTRXIk3JKZVIbHZ
F2Vg4qS5uidBQNGc1yICmQps7Xl0os6qAiSe0KUiCA4WCntmpP/AxqYFIkE3Scwp
6IiDf0XSlsQQ0jVaS1VuVB/DHsVi7gh+qQwsF0Fc53ptUG8PzJYRj2gIXbWzrfkj
ytQT5ThxBjuijVRxRBm+/9mTupEDyqzmAKOW9M6sUFxHLXXkaiEqyyhLmkBd2M+w
bC7dQEC6rDchQsTBI3Ex9nRHq33BM2S3+K9MF/oJMBgBZFrSXO6buzOTqrYkjC00
ymtm9nRDxzFmxTqcHthSBrDD61MrJK75bsRG/cCdLjyGlxGWVCP1UJ4Y6KQ1XjnZ
Cjn4Ymyf53U=
=RPTC
-----END PGP SIGNATURE-----
–
RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Related news
pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The earliest affected version is 3.28.
Red Hat OpenShift Container Platform release 4.13.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4235: A flaw was found in go-yaml. This issue occurs due to unbounded alias chasing, where a maliciously crafted YAML file can cause the system to consume significant system resources. If p...
Red Hat Security Advisory 2023-3148-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.
An update for libreswan is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2295: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI...
An update for libreswan is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2295: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI...
Red Hat Security Advisory 2023-2126-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.
Red Hat Security Advisory 2023-2121-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.
Red Hat Security Advisory 2023-2122-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.
Red Hat Security Advisory 2023-2120-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.
An update for libreswan is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30570: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder S...
An update for libreswan is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30570: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder S...
An update for libreswan is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30570: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan r...
An update for libreswan is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30570: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SP...
An update for libreswan is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30570: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response ...
An update for libreswan is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30570: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder S...
An update for libreswan is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30570: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SP...