Headline
RHSA-2023:2125: Red Hat Security Advisory: libreswan security update
An update for libreswan is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-30570: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the pluto daemon state machine crashes. No remote code execution is possible.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2023-05-04
Updated:
2023-05-04
RHSA-2023:2125 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: libreswan security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for libreswan is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).
Security Fix(es):
- libreswan: Malicious IKEv1 Aggressive Mode packets can crash libreswan (CVE-2023-30570)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
- Red Hat Enterprise Linux Server - AUS 8.4 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.4 x86_64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64
Fixes
- BZ - 2187165 - CVE-2023-30570 libreswan: Malicious IKEv1 Aggressive Mode packets can crash libreswan
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4
SRPM
libreswan-4.3-6.el8_4.1.src.rpm
SHA-256: d639a7b9ff5b16db264db4347b4fc7afe898b41a4ba626dcbeb87a0bdc528f29
x86_64
libreswan-4.3-6.el8_4.1.x86_64.rpm
SHA-256: 0117885904e9ab878bd0f5ec349cd852636697f9c02eb0083cc14a466dd81d8a
libreswan-debuginfo-4.3-6.el8_4.1.x86_64.rpm
SHA-256: 22fe65b8daa06cc4d2251f27f78dd7d1fb58257f525441c05a8edad973537a51
libreswan-debugsource-4.3-6.el8_4.1.x86_64.rpm
SHA-256: b82cd57a790c7e692d8ea0a0b954c08b8c4917e62a54bd330de91ff594e6d7d1
Red Hat Enterprise Linux Server - AUS 8.4
SRPM
libreswan-4.3-6.el8_4.1.src.rpm
SHA-256: d639a7b9ff5b16db264db4347b4fc7afe898b41a4ba626dcbeb87a0bdc528f29
x86_64
libreswan-4.3-6.el8_4.1.x86_64.rpm
SHA-256: 0117885904e9ab878bd0f5ec349cd852636697f9c02eb0083cc14a466dd81d8a
libreswan-debuginfo-4.3-6.el8_4.1.x86_64.rpm
SHA-256: 22fe65b8daa06cc4d2251f27f78dd7d1fb58257f525441c05a8edad973537a51
libreswan-debugsource-4.3-6.el8_4.1.x86_64.rpm
SHA-256: b82cd57a790c7e692d8ea0a0b954c08b8c4917e62a54bd330de91ff594e6d7d1
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4
SRPM
libreswan-4.3-6.el8_4.1.src.rpm
SHA-256: d639a7b9ff5b16db264db4347b4fc7afe898b41a4ba626dcbeb87a0bdc528f29
s390x
libreswan-4.3-6.el8_4.1.s390x.rpm
SHA-256: e0d146825512ea375da756a18c671db7c7d6ac354fe9969bfecad755ff3ea16f
libreswan-debuginfo-4.3-6.el8_4.1.s390x.rpm
SHA-256: adc7346b336812b95a3ac20c94b0a8a12d14725bbc8eb2e8d4c2c028097a10d8
libreswan-debugsource-4.3-6.el8_4.1.s390x.rpm
SHA-256: 2cac386cb04f1be38ebbbc830dfea02f5689f788c5db9cd6cc53e3e079255868
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4
SRPM
libreswan-4.3-6.el8_4.1.src.rpm
SHA-256: d639a7b9ff5b16db264db4347b4fc7afe898b41a4ba626dcbeb87a0bdc528f29
ppc64le
libreswan-4.3-6.el8_4.1.ppc64le.rpm
SHA-256: 1e3f7f9020fda8b7f0c889459fafcd90517c912a7a56d871b37529339c41f35e
libreswan-debuginfo-4.3-6.el8_4.1.ppc64le.rpm
SHA-256: d2abf116b74a780bfb272007ec513de629acab4dea28d232767e79b05c341eda
libreswan-debugsource-4.3-6.el8_4.1.ppc64le.rpm
SHA-256: cabb2b6fe40a5c62c4897a30ecf8084c40b0924568da8e115246f9b88f626496
Red Hat Enterprise Linux Server - TUS 8.4
SRPM
libreswan-4.3-6.el8_4.1.src.rpm
SHA-256: d639a7b9ff5b16db264db4347b4fc7afe898b41a4ba626dcbeb87a0bdc528f29
x86_64
libreswan-4.3-6.el8_4.1.x86_64.rpm
SHA-256: 0117885904e9ab878bd0f5ec349cd852636697f9c02eb0083cc14a466dd81d8a
libreswan-debuginfo-4.3-6.el8_4.1.x86_64.rpm
SHA-256: 22fe65b8daa06cc4d2251f27f78dd7d1fb58257f525441c05a8edad973537a51
libreswan-debugsource-4.3-6.el8_4.1.x86_64.rpm
SHA-256: b82cd57a790c7e692d8ea0a0b954c08b8c4917e62a54bd330de91ff594e6d7d1
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4
SRPM
libreswan-4.3-6.el8_4.1.src.rpm
SHA-256: d639a7b9ff5b16db264db4347b4fc7afe898b41a4ba626dcbeb87a0bdc528f29
aarch64
libreswan-4.3-6.el8_4.1.aarch64.rpm
SHA-256: 9df5f99c5b5bf924cf146e8474e3b969f524ab3fd28be66ca436f4950358c9c2
libreswan-debuginfo-4.3-6.el8_4.1.aarch64.rpm
SHA-256: 343187727f82be9f4afcc4e7488c8f587f5ea6820de5a6c9f4be3941e47d6a13
libreswan-debugsource-4.3-6.el8_4.1.aarch64.rpm
SHA-256: 61b9b710ab1bc741fa91989acec71f2ae8bc90f11efee3f5d024bb1643a21c9b
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4
SRPM
libreswan-4.3-6.el8_4.1.src.rpm
SHA-256: d639a7b9ff5b16db264db4347b4fc7afe898b41a4ba626dcbeb87a0bdc528f29
ppc64le
libreswan-4.3-6.el8_4.1.ppc64le.rpm
SHA-256: 1e3f7f9020fda8b7f0c889459fafcd90517c912a7a56d871b37529339c41f35e
libreswan-debuginfo-4.3-6.el8_4.1.ppc64le.rpm
SHA-256: d2abf116b74a780bfb272007ec513de629acab4dea28d232767e79b05c341eda
libreswan-debugsource-4.3-6.el8_4.1.ppc64le.rpm
SHA-256: cabb2b6fe40a5c62c4897a30ecf8084c40b0924568da8e115246f9b88f626496
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4
SRPM
libreswan-4.3-6.el8_4.1.src.rpm
SHA-256: d639a7b9ff5b16db264db4347b4fc7afe898b41a4ba626dcbeb87a0bdc528f29
x86_64
libreswan-4.3-6.el8_4.1.x86_64.rpm
SHA-256: 0117885904e9ab878bd0f5ec349cd852636697f9c02eb0083cc14a466dd81d8a
libreswan-debuginfo-4.3-6.el8_4.1.x86_64.rpm
SHA-256: 22fe65b8daa06cc4d2251f27f78dd7d1fb58257f525441c05a8edad973537a51
libreswan-debugsource-4.3-6.el8_4.1.x86_64.rpm
SHA-256: b82cd57a790c7e692d8ea0a0b954c08b8c4917e62a54bd330de91ff594e6d7d1
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Red Hat Security Advisory 2023-1326-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.0. Issues addressed include bypass, denial of service, information leakage, out of bounds read, and remote SQL injection vulnerabilities.
Red Hat OpenShift Container Platform release 4.13.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4235: A flaw was found in go-yaml. This issue occurs due to unbounded alias chasing, where a maliciously crafted YAML file can cause the system to consume significant system resources. If p...
An update for libreswan is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2295: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI...
An update for libreswan is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2295: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI...
Red Hat Security Advisory 2023-2126-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.
Red Hat Security Advisory 2023-2124-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.
Red Hat Security Advisory 2023-2121-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.
Red Hat Security Advisory 2023-2122-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.
Red Hat Security Advisory 2023-2120-01 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.
An update for libreswan is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30570: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder S...
An update for libreswan is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30570: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan r...
An update for libreswan is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30570: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SP...
An update for libreswan is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30570: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response ...
An update for libreswan is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30570: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder S...
An update for libreswan is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30570: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SP...