Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Gentoo: GLSA-202007-21 Normal: Libreswan Service Disruption

gentoo
Calendar Grey July 26, 2020
Dist Gentoo Esm H88
Libreswan encounters a moderate level of Denial of Service vulnerability that necessitates prompt updating on systems running Gentoo.
A vulnerability in Libreswan could lead to a Denial of Service condition.

Summary

As a result of a bug in handling certain bogus encrypted IKEv1, while building a log message that the packet has been dropped, a NULL pointer dereference causes Libreswan to crash and restart when it attempts to log the state name involved.

Topics%20covered

Topics Covered

security advisory denial of service gentoo normal severity libreswan

Resolution

All Libreswan users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-vpn/libreswan-3.32"

References

[ 1 ] CVE-2020-1763 https://nvd.nist.gov/vuln/detail/CVE-2020-1763

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202007-21
style>.gentoo_availability{display:block;}

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity: Normal
Title: Libreswan: Denial of service
Date: July 27, 2020
Bugs: #722696
ID: 202007-21

Topics%20covered

Topics Covered

security advisory denial of service gentoo normal severity libreswan

Synopsis

A vulnerability in Libreswan could lead to a Denial of Service condition.

Background

Libreswan is a free software implementation of the most widely supported and standarized VPN protocol based on (“IPsec”) and the Internet Key Exchange (“IKE”).

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-vpn/libreswan < 3.32 >= 3.32

Impact

===== An attacker could cause a possible Denial of Service condition.

Workaround

There is no known workaround at this time.

Related News

Your message here