- Issued:
- 2016-11-09
- Updated:
- 2016-11-09
RHBA-2016:2683 - Bug Fix Advisory
Synopsis
libreswan bug fix update
Type/Severity
Bug Fix Advisory
Red Hat Lightspeed patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated libreswan packages that fix several bugs are now available for Red Hat Enterprise Linux 7.2 Extended Update Support.
Description
Libreswan is an implementation of IPsec & IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).
This update fixes the following bugs:
- Previously, the pluto Internet Key Exchange (IKE) daemon contained a bug in the bare shunt handling code. Consequently, pluto terminated unexpectedly in some cases when on-demand tunnels were used. The bare shunt handling code has been fixed, and the pluto IKE daemon no longer crashes in the described scenario. (BZ#1373458)
- Previously, Libreswan tried to delete non-existing IPsec Security Associations (SAs). As a consequence, the pluto IKE daemon terminated unexpectedly and then restarted. With this update, Libreswan no longer tries to delete non-existing IPsec SAs, and thus no longer causes the pluto daemon to crash. (BZ#1373458)
- In Libreswan 3.13, 3.14, and 3.15, the "keyingtries=0" option for the "ipsec whack" command did not work properly. Consequently, the pluto IKE daemon stopped trying to establish the tunnels that were not immediately established if "keyingtries=0" was used. With this update, pluto tries to establish the tunnel with "keyingtries=0" indefinitely. (BZ#1386666)
Users of libreswan are advised to upgrade to these updated packages, which fix these bugs.
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.2 x86_64
- Red Hat Enterprise Linux Server - AUS 7.3 x86_64
- Red Hat Enterprise Linux Server - AUS 7.2 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.2 s390x
- Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.2 ppc64
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.2 ppc64le
- Red Hat Enterprise Linux Server - TUS 7.2 x86_64
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.2 x86_64
Fixes
- BZ - 1373458 - libreswan FIPS test mistakenly looks for non-existent file hashes and reports FIPS failure
- BZ - 1386666 - keyingtries=0 is broken - meaning it is interpreted as keyingtries=1
CVEs
(none)
References
(none)
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.2
| SRPM | |
|---|---|
| libreswan-3.15-6.3.el7_2.src.rpm | SHA-256: a74b7d5351594a9cee9cd53d4ec1b14634c83266ea3920e55e19b4738277d31d |
| x86_64 | |
| libreswan-3.15-6.3.el7_2.x86_64.rpm | SHA-256: 5451037fb767587622a02ab2e89132d4c2626c93948040d2716acb37fbde68e4 |
| libreswan-debuginfo-3.15-6.3.el7_2.x86_64.rpm | SHA-256: 08c8c28dd4b99443540320769e7413d483d08f4e26c0f1aa4df732e03fae26b1 |
Red Hat Enterprise Linux Server - AUS 7.3
| SRPM | |
|---|---|
| libreswan-3.15-6.3.el7_2.src.rpm | SHA-256: a74b7d5351594a9cee9cd53d4ec1b14634c83266ea3920e55e19b4738277d31d |
| x86_64 | |
| libreswan-3.15-6.3.el7_2.x86_64.rpm | SHA-256: 5451037fb767587622a02ab2e89132d4c2626c93948040d2716acb37fbde68e4 |
| libreswan-debuginfo-3.15-6.3.el7_2.x86_64.rpm | SHA-256: 08c8c28dd4b99443540320769e7413d483d08f4e26c0f1aa4df732e03fae26b1 |
Red Hat Enterprise Linux Server - AUS 7.2
| SRPM | |
|---|---|
| libreswan-3.15-6.3.el7_2.src.rpm | SHA-256: a74b7d5351594a9cee9cd53d4ec1b14634c83266ea3920e55e19b4738277d31d |
| x86_64 | |
| libreswan-3.15-6.3.el7_2.x86_64.rpm | SHA-256: 5451037fb767587622a02ab2e89132d4c2626c93948040d2716acb37fbde68e4 |
| libreswan-debuginfo-3.15-6.3.el7_2.x86_64.rpm | SHA-256: 08c8c28dd4b99443540320769e7413d483d08f4e26c0f1aa4df732e03fae26b1 |
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.2
| SRPM | |
|---|---|
| libreswan-3.15-6.3.el7_2.src.rpm | SHA-256: a74b7d5351594a9cee9cd53d4ec1b14634c83266ea3920e55e19b4738277d31d |
| s390x | |
| libreswan-3.15-6.3.el7_2.s390x.rpm | SHA-256: 998d2b2a1b4ede99fd528f2316d0de1f5792a6b92834605ca04013b9e9c00df2 |
| libreswan-debuginfo-3.15-6.3.el7_2.s390x.rpm | SHA-256: a0b570420b7385d2005e8ae10325f3946435aa2303b5fde81a52ec05507b9004 |
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.2
| SRPM | |
|---|---|
| libreswan-3.15-6.3.el7_2.src.rpm | SHA-256: a74b7d5351594a9cee9cd53d4ec1b14634c83266ea3920e55e19b4738277d31d |
| ppc64 | |
| libreswan-3.15-6.3.el7_2.ppc64.rpm | SHA-256: 83a72048a0ccca420797c914829b871ea1f393b8a27d33621039eb420223b937 |
| libreswan-debuginfo-3.15-6.3.el7_2.ppc64.rpm | SHA-256: 41bcd557652466858c2f67a545ff46030b686cfe936396856b2ed7f7d8bc55c4 |
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.2
| SRPM | |
|---|---|
| libreswan-3.15-6.3.el7_2.src.rpm | SHA-256: a74b7d5351594a9cee9cd53d4ec1b14634c83266ea3920e55e19b4738277d31d |
| ppc64le | |
| libreswan-3.15-6.3.el7_2.ppc64le.rpm | SHA-256: 2d8cf8c3f1ebea3686b0d8daeafc480f47551ad2fdb0dd87340098ddde01e452 |
| libreswan-debuginfo-3.15-6.3.el7_2.ppc64le.rpm | SHA-256: db21cad7184f794fb94c0d9a77b644f578b506436c162afadf0b93bc55d3d2f4 |
Red Hat Enterprise Linux Server - TUS 7.2
| SRPM | |
|---|---|
| libreswan-3.15-6.3.el7_2.src.rpm | SHA-256: a74b7d5351594a9cee9cd53d4ec1b14634c83266ea3920e55e19b4738277d31d |
| x86_64 | |
| libreswan-3.15-6.3.el7_2.x86_64.rpm | SHA-256: 5451037fb767587622a02ab2e89132d4c2626c93948040d2716acb37fbde68e4 |
| libreswan-debuginfo-3.15-6.3.el7_2.x86_64.rpm | SHA-256: 08c8c28dd4b99443540320769e7413d483d08f4e26c0f1aa4df732e03fae26b1 |
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.2
| SRPM | |
|---|---|
| libreswan-3.15-6.3.el7_2.src.rpm | SHA-256: a74b7d5351594a9cee9cd53d4ec1b14634c83266ea3920e55e19b4738277d31d |
| x86_64 | |
| libreswan-3.15-6.3.el7_2.x86_64.rpm | SHA-256: 5451037fb767587622a02ab2e89132d4c2626c93948040d2716acb37fbde68e4 |
| libreswan-debuginfo-3.15-6.3.el7_2.x86_64.rpm | SHA-256: 08c8c28dd4b99443540320769e7413d483d08f4e26c0f1aa4df732e03fae26b1 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
