Fedora: 2009-7423 Moderate: Openswan ASN.1 Parser Security Advisory

Openswan is a free implementation of IPsec & IKE for Linux. IPsec is

the Internet Protocol Security and uses strong cryptography to provide

both authentication and encryption services. These services allow you

to build secure tunnels through untrusted networks. Everything passing

through the untrusted net is encrypted by the ipsec gateway machine and

decrypted by the gateway at the other end of the tunnel. The resulting

tunnel is a virtual private network or VPN.

This package contains the daemons and userland tools for setting up

Openswan. It optionally also builds the Openswan KLIPS IPsec stack that

is an alternative for the NETKEY/XFRM IPsec stack that exists in the

default Linux kernel.

Openswan 2.6.x also supports IKEv2 (RFC4309)

ChangeLog:

* Mon Jul 6 2009 Avesh Agarwal - 2.6.21-2

- Openswan ASN.1 parser vulnerability (CVE-2009-2185)

* Mon Mar 30 2009 Avesh Agarwal - 2.6.21-1

- new upstream release

- Fix for CVE-2009-0790 DPD crasher

- Fix remaining SADB_EXT_MAX -> K_SADB_EXT_MAX entries

- Fix ipsec setup --status not showing amount of tunnels with netkey

* Wed Dec 17 2008 Avesh Agarwal - 2.6.19-1

- new upstream release

References:

[ 1 ] Bug #507362 - CVE-2009-2185 Openswan ASN.1 parser vulnerability

https://bugzilla.redhat.com/show_bug.cgi?id=507362

This update can be installed with the "yum" update program. Use

su -c 'yum update openswan' at the command line.

For more information, refer to "Managing Software with yum",

available at .

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/