- Issued:
- 2008-06-11
- Updated:
- 2008-06-11
RHBA-2008:0536 - Bug Fix Advisory
Synopsis
openswan bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated openswan packages that resolve several issues are now available.
Description
Openswan is a free implementation of IPsec & IKE for Linux. IPsec stands
for Internet Protocol Security, and uses strong cryptography to provide
both authentication and encryption services. These services allow you to
build secure tunnels through untrusted networks. Everything passing through
the untrusted net is encrypted by the ipsec gateway machine and decrypted
by the gateway at the other end of the tunnel. The resulting tunnel is a
virtual private network, or VPN.
This package contains the daemons and userland tools for setting up
Openswan on Red Hat Enterprise Linux 5.
Openswan provides an alternative to the ipsec-tools package, and includes
additional functionality that users may find useful. Users of the
ipsec-tools package may wish to evaluate Openswan.
These updated openswan packages provide fixes for the following bugs:
- openswan and strongswan failed to interoperate
- openswan was supposed to negotiate a CCM algorithm and wasn't
- openswan was not accepting null esp auth algorithm
- openswan was segfaulting when phase2alg=null
- openswan IKEv2 daemon was crashing when interoperating with racoon2
- openswan was not deleting expired SA's
All users of openswan are advised to upgrade to these updated packages,
which resolve these issues.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
Affected Products
- Red Hat Enterprise Linux Server 5 x86_64
- Red Hat Enterprise Linux Server 5 ia64
- Red Hat Enterprise Linux Server 5 i386
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.2 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.2 ia64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.2 i386
- Red Hat Enterprise Linux Workstation 5 x86_64
- Red Hat Enterprise Linux Workstation 5 i386
- Red Hat Enterprise Linux Desktop 5 x86_64
- Red Hat Enterprise Linux Desktop 5 i386
- Red Hat Enterprise Linux for IBM z Systems 5 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.2 s390x
- Red Hat Enterprise Linux for Power, big endian 5 ppc
- Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.2 ppc
- Red Hat Enterprise Linux Server from RHUI 5 x86_64
- Red Hat Enterprise Linux Server from RHUI 5 i386
Fixes
- BZ - 450125 - [IPv6-DoD] openswan and strongswan fail to interoperate with IKEv2
- BZ - 450126 - IPV6DOD: openswan should negotiate CCM algorithm.
- BZ - 450127 - [IPv6-DoD] openswan doesn't accept null esp auth alg
- BZ - 450128 - openswan logging segfault when phase2alg=null
- BZ - 450129 - [IPv6-DoD] openswan IKEv2 crashes when interoperating with racoon2
- BZ - 450334 - openswan doesn't delete expired SA's
CVEs
(none)
References
(none)
Red Hat Enterprise Linux Server 5
SRPM | |
---|---|
openswan-2.6.14-1.el5_2.1.src.rpm | SHA-256: 3d73beb420758be14a22a1dcf13ebaf37e3889c1fe306d126b5a9b2899ac5570 |
x86_64 | |
openswan-2.6.14-1.el5_2.1.x86_64.rpm | SHA-256: 2819924d8eac75204fdcd45e8d3fd771a3ff5904b5132540256c5ee3508d013f |
openswan-doc-2.6.14-1.el5_2.1.x86_64.rpm | SHA-256: 89c9379c0b9b0f0478b2d012c4e64dfa314339a4749b33d7ac61fcedbfa94fcd |
ia64 | |
openswan-2.6.14-1.el5_2.1.ia64.rpm | SHA-256: 9c87ebe9cb37f56f08162656a6ad25de40806babea35d50cb7130ff13a04f942 |
openswan-doc-2.6.14-1.el5_2.1.ia64.rpm | SHA-256: fe0493aa3c844121148bb8200319d32effac23371f4b5ec728d362af565241ff |
i386 | |
openswan-2.6.14-1.el5_2.1.i386.rpm | SHA-256: 5263057c74fb29553b29d89b03dfb1d21b6a2cdaa110d811099417d0cd173f5f |
openswan-doc-2.6.14-1.el5_2.1.i386.rpm | SHA-256: 5488dd4ea80b54d8cd489e008e36251f96fa74fa80f3efeb2f583b0413a0f639 |
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.2
SRPM | |
---|---|
x86_64 | |
ia64 | |
i386 |
Red Hat Enterprise Linux Workstation 5
SRPM | |
---|---|
openswan-2.6.14-1.el5_2.1.src.rpm | SHA-256: 3d73beb420758be14a22a1dcf13ebaf37e3889c1fe306d126b5a9b2899ac5570 |
x86_64 | |
openswan-2.6.14-1.el5_2.1.x86_64.rpm | SHA-256: 2819924d8eac75204fdcd45e8d3fd771a3ff5904b5132540256c5ee3508d013f |
openswan-doc-2.6.14-1.el5_2.1.x86_64.rpm | SHA-256: 89c9379c0b9b0f0478b2d012c4e64dfa314339a4749b33d7ac61fcedbfa94fcd |
i386 | |
openswan-2.6.14-1.el5_2.1.i386.rpm | SHA-256: 5263057c74fb29553b29d89b03dfb1d21b6a2cdaa110d811099417d0cd173f5f |
openswan-doc-2.6.14-1.el5_2.1.i386.rpm | SHA-256: 5488dd4ea80b54d8cd489e008e36251f96fa74fa80f3efeb2f583b0413a0f639 |
Red Hat Enterprise Linux Desktop 5
SRPM | |
---|---|
openswan-2.6.14-1.el5_2.1.src.rpm | SHA-256: 3d73beb420758be14a22a1dcf13ebaf37e3889c1fe306d126b5a9b2899ac5570 |
x86_64 | |
openswan-2.6.14-1.el5_2.1.x86_64.rpm | SHA-256: 2819924d8eac75204fdcd45e8d3fd771a3ff5904b5132540256c5ee3508d013f |
openswan-doc-2.6.14-1.el5_2.1.x86_64.rpm | SHA-256: 89c9379c0b9b0f0478b2d012c4e64dfa314339a4749b33d7ac61fcedbfa94fcd |
i386 | |
openswan-2.6.14-1.el5_2.1.i386.rpm | SHA-256: 5263057c74fb29553b29d89b03dfb1d21b6a2cdaa110d811099417d0cd173f5f |
openswan-doc-2.6.14-1.el5_2.1.i386.rpm | SHA-256: 5488dd4ea80b54d8cd489e008e36251f96fa74fa80f3efeb2f583b0413a0f639 |
Red Hat Enterprise Linux for IBM z Systems 5
SRPM | |
---|---|
openswan-2.6.14-1.el5_2.1.src.rpm | SHA-256: 3d73beb420758be14a22a1dcf13ebaf37e3889c1fe306d126b5a9b2899ac5570 |
s390x | |
openswan-2.6.14-1.el5_2.1.s390x.rpm | SHA-256: e6cdcd3503f61f4912a35f83c36604a776987e2bdb324e634a11092737c76aea |
openswan-doc-2.6.14-1.el5_2.1.s390x.rpm | SHA-256: edf71c97fa00ac3f6f6af12aac6bff66a43543f5a2e857c74ba7602db1d0a69e |
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.2
SRPM | |
---|---|
s390x |
Red Hat Enterprise Linux for Power, big endian 5
SRPM | |
---|---|
openswan-2.6.14-1.el5_2.1.src.rpm | SHA-256: 3d73beb420758be14a22a1dcf13ebaf37e3889c1fe306d126b5a9b2899ac5570 |
ppc | |
openswan-2.6.14-1.el5_2.1.ppc.rpm | SHA-256: fda4483d8aeb442168d20f7df944b33389d03e5db7e807032e78d28c12744e06 |
openswan-doc-2.6.14-1.el5_2.1.ppc.rpm | SHA-256: 1ac9b6ffe5aa1d27c3de3dc58db3fdcb8f4a95e0fd1f5288109ffa9a403ae2bf |
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.2
SRPM | |
---|---|
ppc |
Red Hat Enterprise Linux Server from RHUI 5
SRPM | |
---|---|
openswan-2.6.14-1.el5_2.1.src.rpm | SHA-256: 3d73beb420758be14a22a1dcf13ebaf37e3889c1fe306d126b5a9b2899ac5570 |
x86_64 | |
openswan-2.6.14-1.el5_2.1.x86_64.rpm | SHA-256: 2819924d8eac75204fdcd45e8d3fd771a3ff5904b5132540256c5ee3508d013f |
openswan-doc-2.6.14-1.el5_2.1.x86_64.rpm | SHA-256: 89c9379c0b9b0f0478b2d012c4e64dfa314339a4749b33d7ac61fcedbfa94fcd |
i386 | |
openswan-2.6.14-1.el5_2.1.i386.rpm | SHA-256: 5263057c74fb29553b29d89b03dfb1d21b6a2cdaa110d811099417d0cd173f5f |
openswan-doc-2.6.14-1.el5_2.1.i386.rpm | SHA-256: 5488dd4ea80b54d8cd489e008e36251f96fa74fa80f3efeb2f583b0413a0f639 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.