GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Mon Jul 27, 2020 7:26 pm Post subject: [ GLSA 202007-21 ] Libreswan
Gentoo Linux Security Advisory
Title: Libreswan: Denial of service (GLSA 202007-21)
Severity: normal
Exploitable: remote
Date: 2020-07-27
Bug(s): #722696
ID: 202007-21
Synopsis
A vulnerability in Libreswan could lead to a Denial of Service
condition.
Background
Libreswan is a free software implementation of the most widely supported
and standardized VPN protocol based on (“IPsec”) and the Internet Key
Exchange (“IKE”).
Affected Packages
Package: net-vpn/libreswan
Vulnerable: < 3.32
Unaffected: >= 3.32
Architectures: All supported architectures
Description
As a result of a bug in handling certain bogus encrypted IKEv1 packets,
a NULL pointer dereference occurs while Libreswan is building the log
message that the packet has been dropped: it crashes and restarts when it
attempts to log the state name involved.
Impact
An attacker could cause a possible Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All Libreswan users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-vpn/libreswan-3.32"
References
CVE-2020-1763
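To check an inventory against the affected range above (vulnerable < 3.32, unaffected >= 3.32), the following added example, which is not part of the advisory or of Libreswan, classifies version strings with a component-wise numeric comparison. The function names and the sample inventory are constructed for illustration; the input is assumed to be a bare version or a Gentoo atom such as net-vpn/libreswan-3.29-r1.

```shell
#!/bin/sh
# Added example: classify a Libreswan version against GLSA 202007-21.
# Input shape assumed: a bare version ("3.29") or a Gentoo atom such as
# "net-vpn/libreswan-3.29-r1" (what `qlist -Iv net-vpn/libreswan` prints).
FIXED="3.32"   # first unaffected version, taken from the advisory

# Reduce an atom to its upstream version: drop the package name and -rN.
normalize() {
    v=${1##*libreswan-}
    v=${v%-r[0-9]*}
    printf '%s\n' "$v"
}

# Succeed when $1 < $2, comparing dot-separated components as integers.
# A plain string comparison would wrongly rank "3.9" above "3.32".
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1   # equal versions are not "less than"
}

# Print vulnerable / unaffected / unknown for one version or atom.
classify() {
    v=$(normalize "$1")
    case $v in
        ''|.*|*.|*..*|*[!0-9.]*) echo unknown; return 0 ;;  # e.g. 3.32_rc1
    esac
    if version_lt "$v" "$FIXED"; then echo vulnerable; else echo unaffected; fi
}

# Constructed sample inventory, not taken from a real host.
for s in net-vpn/libreswan-3.29-r1 3.9 3.32 net-vpn/libreswan-3.32_rc1; do
    printf '%-28s %s\n' "$s" "$(classify "$s")"
done
```

Versions with non-numeric suffixes are reported as unknown rather than guessed, so they can be reviewed by hand.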