Headline
RHSA-2023:3148: Red Hat Security Advisory: libreswan security update
An update for libreswan is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-2295: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the pluto daemon state machine crashes. No remote code execution is possible. This CVE exists because of a CVE-2023-30570 security regression for libreswan package in Red Hat Enterprise Linux 9.2.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2023-05-16
Updated:
2023-05-16
RHSA-2023:3148 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: libreswan security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for libreswan is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).
Security Fix(es):
- libreswan: Regression of CVE-2023-30570 fixes in the Red Hat Enterprise Linux (CVE-2023-2295)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2 x86_64
- Red Hat Enterprise Linux Server - AUS 9.2 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
- Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.2 aarch64
- Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.2 s390x
Fixes
- BZ - 2189777 - CVE-2023-2295 libreswan: Regression of CVE-2023-30570 fixes in the Red Hat Enterprise Linux
Red Hat Enterprise Linux for x86_64 9
SRPM
libreswan-4.9-4.el9_2.src.rpm
SHA-256: eca2eac77f021f65c4303c804dadbf74898609ccfe9a1d7997763f7e6abc7377
x86_64
libreswan-4.9-4.el9_2.x86_64.rpm
SHA-256: 44471356b0de41b56a9f840257c1c50a877e3951e5cfe3106c2e53312146c345
libreswan-debuginfo-4.9-4.el9_2.x86_64.rpm
SHA-256: a0cc2cfc0164033898e6b34a72cffad94ebe8945528d42511f8fb94adbd7c82d
libreswan-debugsource-4.9-4.el9_2.x86_64.rpm
SHA-256: df27c5d076132e4a694995d8db9f35e14c85ea60a339cb1387b63384e4ed7b0a
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2
SRPM
libreswan-4.9-4.el9_2.src.rpm
SHA-256: eca2eac77f021f65c4303c804dadbf74898609ccfe9a1d7997763f7e6abc7377
x86_64
libreswan-4.9-4.el9_2.x86_64.rpm
SHA-256: 44471356b0de41b56a9f840257c1c50a877e3951e5cfe3106c2e53312146c345
libreswan-debuginfo-4.9-4.el9_2.x86_64.rpm
SHA-256: a0cc2cfc0164033898e6b34a72cffad94ebe8945528d42511f8fb94adbd7c82d
libreswan-debugsource-4.9-4.el9_2.x86_64.rpm
SHA-256: df27c5d076132e4a694995d8db9f35e14c85ea60a339cb1387b63384e4ed7b0a
Red Hat Enterprise Linux Server - AUS 9.2
SRPM
libreswan-4.9-4.el9_2.src.rpm
SHA-256: eca2eac77f021f65c4303c804dadbf74898609ccfe9a1d7997763f7e6abc7377
x86_64
libreswan-4.9-4.el9_2.x86_64.rpm
SHA-256: 44471356b0de41b56a9f840257c1c50a877e3951e5cfe3106c2e53312146c345
libreswan-debuginfo-4.9-4.el9_2.x86_64.rpm
SHA-256: a0cc2cfc0164033898e6b34a72cffad94ebe8945528d42511f8fb94adbd7c82d
libreswan-debugsource-4.9-4.el9_2.x86_64.rpm
SHA-256: df27c5d076132e4a694995d8db9f35e14c85ea60a339cb1387b63384e4ed7b0a
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
libreswan-4.9-4.el9_2.src.rpm
SHA-256: eca2eac77f021f65c4303c804dadbf74898609ccfe9a1d7997763f7e6abc7377
s390x
libreswan-4.9-4.el9_2.s390x.rpm
SHA-256: 17e59e04a555fa9f225aec59809800d0a325fad0afbbea15bb51d6365fb43c33
libreswan-debuginfo-4.9-4.el9_2.s390x.rpm
SHA-256: 4f7687fc57cc2893a832677ebfbadedea01aba4b66e974907065c79cf6ecea56
libreswan-debugsource-4.9-4.el9_2.s390x.rpm
SHA-256: b53e15ac1d985c069a49dbe544c5fd0ff8c0c3115d4e26d650db20164287e4e7
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2
SRPM
libreswan-4.9-4.el9_2.src.rpm
SHA-256: eca2eac77f021f65c4303c804dadbf74898609ccfe9a1d7997763f7e6abc7377
s390x
libreswan-4.9-4.el9_2.s390x.rpm
SHA-256: 17e59e04a555fa9f225aec59809800d0a325fad0afbbea15bb51d6365fb43c33
libreswan-debuginfo-4.9-4.el9_2.s390x.rpm
SHA-256: 4f7687fc57cc2893a832677ebfbadedea01aba4b66e974907065c79cf6ecea56
libreswan-debugsource-4.9-4.el9_2.s390x.rpm
SHA-256: b53e15ac1d985c069a49dbe544c5fd0ff8c0c3115d4e26d650db20164287e4e7
Red Hat Enterprise Linux for Power, little endian 9
SRPM
libreswan-4.9-4.el9_2.src.rpm
SHA-256: eca2eac77f021f65c4303c804dadbf74898609ccfe9a1d7997763f7e6abc7377
ppc64le
libreswan-4.9-4.el9_2.ppc64le.rpm
SHA-256: 4082b62c0d03173f98d08403a0b5355c7f917c7d912b755ab5ccd3510c4fb876
libreswan-debuginfo-4.9-4.el9_2.ppc64le.rpm
SHA-256: 43639d6ede6ade56011dfb102e21f92ab7aae0d10f69bfdeab76a2ee1e48a816
libreswan-debugsource-4.9-4.el9_2.ppc64le.rpm
SHA-256: e44b1fe557c9ccf1bdd4e75920dbe25c205a299ecd4a28850bd3caf573b1d5ba
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2
SRPM
libreswan-4.9-4.el9_2.src.rpm
SHA-256: eca2eac77f021f65c4303c804dadbf74898609ccfe9a1d7997763f7e6abc7377
ppc64le
libreswan-4.9-4.el9_2.ppc64le.rpm
SHA-256: 4082b62c0d03173f98d08403a0b5355c7f917c7d912b755ab5ccd3510c4fb876
libreswan-debuginfo-4.9-4.el9_2.ppc64le.rpm
SHA-256: 43639d6ede6ade56011dfb102e21f92ab7aae0d10f69bfdeab76a2ee1e48a816
libreswan-debugsource-4.9-4.el9_2.ppc64le.rpm
SHA-256: e44b1fe557c9ccf1bdd4e75920dbe25c205a299ecd4a28850bd3caf573b1d5ba
Red Hat Enterprise Linux for ARM 64 9
SRPM
libreswan-4.9-4.el9_2.src.rpm
SHA-256: eca2eac77f021f65c4303c804dadbf74898609ccfe9a1d7997763f7e6abc7377
aarch64
libreswan-4.9-4.el9_2.aarch64.rpm
SHA-256: 6455757cce56f528dfc6a0a9aa74fa903fd1292889953015c5b7ce310cd3d6a9
libreswan-debuginfo-4.9-4.el9_2.aarch64.rpm
SHA-256: 339a487564d4c011ca7d5e2286842b354a95d531756396f58670a59405724640
libreswan-debugsource-4.9-4.el9_2.aarch64.rpm
SHA-256: 2af1e5ee2b216aab2de54ea9200303742bc22c4ed44ac39397a9cb25e3f05cfe
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2
SRPM
libreswan-4.9-4.el9_2.src.rpm
SHA-256: eca2eac77f021f65c4303c804dadbf74898609ccfe9a1d7997763f7e6abc7377
aarch64
libreswan-4.9-4.el9_2.aarch64.rpm
SHA-256: 6455757cce56f528dfc6a0a9aa74fa903fd1292889953015c5b7ce310cd3d6a9
libreswan-debuginfo-4.9-4.el9_2.aarch64.rpm
SHA-256: 339a487564d4c011ca7d5e2286842b354a95d531756396f58670a59405724640
libreswan-debugsource-4.9-4.el9_2.aarch64.rpm
SHA-256: 2af1e5ee2b216aab2de54ea9200303742bc22c4ed44ac39397a9cb25e3f05cfe
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2
SRPM
libreswan-4.9-4.el9_2.src.rpm
SHA-256: eca2eac77f021f65c4303c804dadbf74898609ccfe9a1d7997763f7e6abc7377
ppc64le
libreswan-4.9-4.el9_2.ppc64le.rpm
SHA-256: 4082b62c0d03173f98d08403a0b5355c7f917c7d912b755ab5ccd3510c4fb876
libreswan-debuginfo-4.9-4.el9_2.ppc64le.rpm
SHA-256: 43639d6ede6ade56011dfb102e21f92ab7aae0d10f69bfdeab76a2ee1e48a816
libreswan-debugsource-4.9-4.el9_2.ppc64le.rpm
SHA-256: e44b1fe557c9ccf1bdd4e75920dbe25c205a299ecd4a28850bd3caf573b1d5ba
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2
SRPM
libreswan-4.9-4.el9_2.src.rpm
SHA-256: eca2eac77f021f65c4303c804dadbf74898609ccfe9a1d7997763f7e6abc7377
x86_64
libreswan-4.9-4.el9_2.x86_64.rpm
SHA-256: 44471356b0de41b56a9f840257c1c50a877e3951e5cfe3106c2e53312146c345
libreswan-debuginfo-4.9-4.el9_2.x86_64.rpm
SHA-256: a0cc2cfc0164033898e6b34a72cffad94ebe8945528d42511f8fb94adbd7c82d
libreswan-debugsource-4.9-4.el9_2.x86_64.rpm
SHA-256: df27c5d076132e4a694995d8db9f35e14c85ea60a339cb1387b63384e4ed7b0a
Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.2
SRPM
libreswan-4.9-4.el9_2.src.rpm
SHA-256: eca2eac77f021f65c4303c804dadbf74898609ccfe9a1d7997763f7e6abc7377
aarch64
libreswan-4.9-4.el9_2.aarch64.rpm
SHA-256: 6455757cce56f528dfc6a0a9aa74fa903fd1292889953015c5b7ce310cd3d6a9
libreswan-debuginfo-4.9-4.el9_2.aarch64.rpm
SHA-256: 339a487564d4c011ca7d5e2286842b354a95d531756396f58670a59405724640
libreswan-debugsource-4.9-4.el9_2.aarch64.rpm
SHA-256: 2af1e5ee2b216aab2de54ea9200303742bc22c4ed44ac39397a9cb25e3f05cfe
Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.2
SRPM
libreswan-4.9-4.el9_2.src.rpm
SHA-256: eca2eac77f021f65c4303c804dadbf74898609ccfe9a1d7997763f7e6abc7377
s390x
libreswan-4.9-4.el9_2.s390x.rpm
SHA-256: 17e59e04a555fa9f225aec59809800d0a325fad0afbbea15bb51d6365fb43c33
libreswan-debuginfo-4.9-4.el9_2.s390x.rpm
SHA-256: 4f7687fc57cc2893a832677ebfbadedea01aba4b66e974907065c79cf6ecea56
libreswan-debugsource-4.9-4.el9_2.s390x.rpm
SHA-256: b53e15ac1d985c069a49dbe544c5fd0ff8c0c3115d4e26d650db20164287e4e7
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The earliest affected version is 3.28.
A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the pluto daemon state machine crashes. No remote code execution is possible. This CVE exists because of a CVE-2023-30570 security regression for libreswan package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.
Red Hat Security Advisory 2023-3148-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.
An update for libreswan is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2295: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI...
Red Hat Security Advisory 2023-2126-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.
Red Hat Security Advisory 2023-2124-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.
Red Hat Security Advisory 2023-2121-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.
Red Hat Security Advisory 2023-2122-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.
An update for libreswan is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30570: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder S...
An update for libreswan is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30570: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder S...
An update for libreswan is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30570: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan r...
An update for libreswan is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30570: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SP...
An update for libreswan is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30570: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response ...
An update for libreswan is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30570: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SP...