Headline
RHSA-2023:2121: Red Hat Security Advisory: libreswan security update
An update for libreswan is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-30570: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the pluto daemon state machine crashes. No remote code execution is possible.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2023-05-04
Updated:
2023-05-04
RHSA-2023:2121 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: libreswan security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for libreswan is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).
Security Fix(es):
- libreswan: Malicious IKEv1 Aggressive Mode packets can crash libreswan (CVE-2023-30570)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
- Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
- Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x
Fixes
- BZ - 2187165 - CVE-2023-30570 libreswan: Malicious IKEv1 Aggressive Mode packets can crash libreswan
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0
SRPM
libreswan-4.6-3.el9_0.1.src.rpm
SHA-256: 0c57b6ba8977941ded94aeed5449ba21e8b3abc7e6bfe8fad7be0220c8c59e4b
x86_64
libreswan-4.6-3.el9_0.1.x86_64.rpm
SHA-256: a2f101e8597e24292bcae7eb749fae4ac021e182f8e3adb665be285a72b40892
libreswan-debuginfo-4.6-3.el9_0.1.x86_64.rpm
SHA-256: b235117ddbdfb4d812d7c94590dfaaabaa83df64b56eb8da3b708c16a94a67ab
libreswan-debugsource-4.6-3.el9_0.1.x86_64.rpm
SHA-256: c16421125a3bf3122d1d39b023426efd7c5a769bc52493e171755689a377b459
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0
SRPM
libreswan-4.6-3.el9_0.1.src.rpm
SHA-256: 0c57b6ba8977941ded94aeed5449ba21e8b3abc7e6bfe8fad7be0220c8c59e4b
s390x
libreswan-4.6-3.el9_0.1.s390x.rpm
SHA-256: 2e42ce46a883a12f8979c65ff200f0ddd67baa8ede30e123578938abd0085047
libreswan-debuginfo-4.6-3.el9_0.1.s390x.rpm
SHA-256: 8d61536077160b3ef46800fb16c1eb39cc31d954fa7cdcb10d22fd95bdd1c8a0
libreswan-debugsource-4.6-3.el9_0.1.s390x.rpm
SHA-256: 53e4b7a702c9e298a099a2952e39ccbc670640bfd5cbf87518871747cf8a58f2
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0
SRPM
libreswan-4.6-3.el9_0.1.src.rpm
SHA-256: 0c57b6ba8977941ded94aeed5449ba21e8b3abc7e6bfe8fad7be0220c8c59e4b
ppc64le
libreswan-4.6-3.el9_0.1.ppc64le.rpm
SHA-256: f0cdaff4ee82885aab658725285beef3fe89d082674e67e172388d62437dcad0
libreswan-debuginfo-4.6-3.el9_0.1.ppc64le.rpm
SHA-256: 74a4c451adcf5316b04a8b4ad722dfe7b3520f8ca0156a9e6eadd0103c234c8f
libreswan-debugsource-4.6-3.el9_0.1.ppc64le.rpm
SHA-256: 3ee594a91dc738fcb11e3a93c5818cf773fa261b84880af712f6ce36dc3cb2f7
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0
SRPM
libreswan-4.6-3.el9_0.1.src.rpm
SHA-256: 0c57b6ba8977941ded94aeed5449ba21e8b3abc7e6bfe8fad7be0220c8c59e4b
aarch64
libreswan-4.6-3.el9_0.1.aarch64.rpm
SHA-256: cdc5b14d3b4441bc8bdf3ff6c659d6163076b69089a755d79a52f4a3786f3bd6
libreswan-debuginfo-4.6-3.el9_0.1.aarch64.rpm
SHA-256: a4d1d4d32fa006eb14dc9eda80a25a1494e4f9012320f6a5f73e2443f1e881ed
libreswan-debugsource-4.6-3.el9_0.1.aarch64.rpm
SHA-256: 1f46a15747913ed14fd978273feafe0b6390eb1644261ef2d38e01ae02cb3659
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0
SRPM
libreswan-4.6-3.el9_0.1.src.rpm
SHA-256: 0c57b6ba8977941ded94aeed5449ba21e8b3abc7e6bfe8fad7be0220c8c59e4b
ppc64le
libreswan-4.6-3.el9_0.1.ppc64le.rpm
SHA-256: f0cdaff4ee82885aab658725285beef3fe89d082674e67e172388d62437dcad0
libreswan-debuginfo-4.6-3.el9_0.1.ppc64le.rpm
SHA-256: 74a4c451adcf5316b04a8b4ad722dfe7b3520f8ca0156a9e6eadd0103c234c8f
libreswan-debugsource-4.6-3.el9_0.1.ppc64le.rpm
SHA-256: 3ee594a91dc738fcb11e3a93c5818cf773fa261b84880af712f6ce36dc3cb2f7
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0
SRPM
libreswan-4.6-3.el9_0.1.src.rpm
SHA-256: 0c57b6ba8977941ded94aeed5449ba21e8b3abc7e6bfe8fad7be0220c8c59e4b
x86_64
libreswan-4.6-3.el9_0.1.x86_64.rpm
SHA-256: a2f101e8597e24292bcae7eb749fae4ac021e182f8e3adb665be285a72b40892
libreswan-debuginfo-4.6-3.el9_0.1.x86_64.rpm
SHA-256: b235117ddbdfb4d812d7c94590dfaaabaa83df64b56eb8da3b708c16a94a67ab
libreswan-debugsource-4.6-3.el9_0.1.x86_64.rpm
SHA-256: c16421125a3bf3122d1d39b023426efd7c5a769bc52493e171755689a377b459
Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0
SRPM
libreswan-4.6-3.el9_0.1.src.rpm
SHA-256: 0c57b6ba8977941ded94aeed5449ba21e8b3abc7e6bfe8fad7be0220c8c59e4b
aarch64
libreswan-4.6-3.el9_0.1.aarch64.rpm
SHA-256: cdc5b14d3b4441bc8bdf3ff6c659d6163076b69089a755d79a52f4a3786f3bd6
libreswan-debuginfo-4.6-3.el9_0.1.aarch64.rpm
SHA-256: a4d1d4d32fa006eb14dc9eda80a25a1494e4f9012320f6a5f73e2443f1e881ed
libreswan-debugsource-4.6-3.el9_0.1.aarch64.rpm
SHA-256: 1f46a15747913ed14fd978273feafe0b6390eb1644261ef2d38e01ae02cb3659
Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0
SRPM
libreswan-4.6-3.el9_0.1.src.rpm
SHA-256: 0c57b6ba8977941ded94aeed5449ba21e8b3abc7e6bfe8fad7be0220c8c59e4b
s390x
libreswan-4.6-3.el9_0.1.s390x.rpm
SHA-256: 2e42ce46a883a12f8979c65ff200f0ddd67baa8ede30e123578938abd0085047
libreswan-debuginfo-4.6-3.el9_0.1.s390x.rpm
SHA-256: 8d61536077160b3ef46800fb16c1eb39cc31d954fa7cdcb10d22fd95bdd1c8a0
libreswan-debugsource-4.6-3.el9_0.1.s390x.rpm
SHA-256: 53e4b7a702c9e298a099a2952e39ccbc670640bfd5cbf87518871747cf8a58f2
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The earliest affected version is 3.28.
Red Hat Security Advisory 2023-1326-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.0. Issues addressed include bypass, denial of service, information leakage, out of bounds read, and remote SQL injection vulnerabilities.
Red Hat Security Advisory 2023-3148-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.
An update for libreswan is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2295: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI...
Red Hat Security Advisory 2023-2126-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.
Red Hat Security Advisory 2023-2124-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.
Red Hat Security Advisory 2023-2121-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.
Red Hat Security Advisory 2023-2122-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.
Red Hat Security Advisory 2023-2120-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.
An update for libreswan is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30570: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder S...
An update for libreswan is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30570: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder S...
An update for libreswan is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30570: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan r...
An update for libreswan is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30570: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SP...
An update for libreswan is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30570: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response ...