Red Hat Product Errata RHBA-2018:0932 - Bug Fix Advisory
Issued:
2018-04-10
Updated:
2018-04-10

RHBA-2018:0932 - Bug Fix Advisory

Synopsis

libreswan bug fix and enhancement update

Type/Severity

Bug Fix Advisory

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libreswan is now available for Red Hat Enterprise Linux 7.

Description

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.

Users of libreswan are advised to upgrade to these updated packages.

Solution

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.7 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 7.7 x86_64
  • Red Hat Enterprise Linux Server - AUS 7.6 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.7 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.6 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.7 ppc64
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.6 ppc64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.7 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6 ppc64le
  • Red Hat Enterprise Linux Server - TUS 7.7 x86_64
  • Red Hat Enterprise Linux Server - TUS 7.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 7 aarch64
  • Red Hat Enterprise Linux for Power 9 7 ppc64le
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.7 ppc64le
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.7 x86_64
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.6 x86_64
  • Red Hat Enterprise Linux for IBM System z (Structure A) 7 s390x

Fixes

  • BZ - 1136076 - After IKE rekeying Pluto sends DPD even if there is active SA
  • BZ - 1300759 - Implement RFC-7427 Digital Signature authentication.
  • BZ - 1300763 - Implement draft-ietf-ipsecme-split-dns for libreswan
  • BZ - 1324421 - libreswan works not well when setting leftid field to be email address
  • BZ - 1375750 - SECCOMP support for libreswan
  • BZ - 1375776 - [IKEv2 Conformance] Test IKEv2.EN.R.1.2.2.1: Receipt of retransmitted CREATE_CHILD_SA reques failed
  • BZ - 1457904 - rebase libreswan to 3.23
  • BZ - 1471553 - libreswan postquantum preshared key (PPK) support
  • BZ - 1471763 - RFE: libreswan MOBIKE support (RFC-4555)
  • BZ - 1492501 - Reboot or 'systemctl stop ipsec' brings down _ethernet_ interfaces on _both_ ends of ipv4 ipsec tunnel !!!

CVEs

(none)

Red Hat Enterprise Linux Server 7

SRPM
libreswan-3.23-3.el7.src.rpm SHA-256: 4ab3b389a1abfc2fe22389e968e9f956931c8b84c795c82855d47bcee7e974d1
x86_64
libreswan-3.23-3.el7.x86_64.rpm SHA-256: 7e2926660b7b2d8b086316fd96a1dc35106e1661ebec4440bb53b7bf2c910955
libreswan-debuginfo-3.23-3.el7.x86_64.rpm SHA-256: 89aa33999fafe66cbc6a5648f22326f652f1c5f43c1518ca5330c1663a637fcc

Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.7

SRPM
libreswan-3.23-3.el7.src.rpm SHA-256: 4ab3b389a1abfc2fe22389e968e9f956931c8b84c795c82855d47bcee7e974d1
x86_64
libreswan-3.23-3.el7.x86_64.rpm SHA-256: 7e2926660b7b2d8b086316fd96a1dc35106e1661ebec4440bb53b7bf2c910955
libreswan-debuginfo-3.23-3.el7.x86_64.rpm SHA-256: 89aa33999fafe66cbc6a5648f22326f652f1c5f43c1518ca5330c1663a637fcc

Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.6

SRPM
libreswan-3.23-3.el7.src.rpm SHA-256: 4ab3b389a1abfc2fe22389e968e9f956931c8b84c795c82855d47bcee7e974d1
x86_64
libreswan-3.23-3.el7.x86_64.rpm SHA-256: 7e2926660b7b2d8b086316fd96a1dc35106e1661ebec4440bb53b7bf2c910955
libreswan-debuginfo-3.23-3.el7.x86_64.rpm SHA-256: 89aa33999fafe66cbc6a5648f22326f652f1c5f43c1518ca5330c1663a637fcc

Red Hat Enterprise Linux Server - AUS 7.7

SRPM
libreswan-3.23-3.el7.src.rpm SHA-256: 4ab3b389a1abfc2fe22389e968e9f956931c8b84c795c82855d47bcee7e974d1
x86_64
libreswan-3.23-3.el7.x86_64.rpm SHA-256: 7e2926660b7b2d8b086316fd96a1dc35106e1661ebec4440bb53b7bf2c910955
libreswan-debuginfo-3.23-3.el7.x86_64.rpm SHA-256: 89aa33999fafe66cbc6a5648f22326f652f1c5f43c1518ca5330c1663a637fcc

Red Hat Enterprise Linux Server - AUS 7.6

SRPM
libreswan-3.23-3.el7.src.rpm SHA-256: 4ab3b389a1abfc2fe22389e968e9f956931c8b84c795c82855d47bcee7e974d1
x86_64
libreswan-3.23-3.el7.x86_64.rpm SHA-256: 7e2926660b7b2d8b086316fd96a1dc35106e1661ebec4440bb53b7bf2c910955
libreswan-debuginfo-3.23-3.el7.x86_64.rpm SHA-256: 89aa33999fafe66cbc6a5648f22326f652f1c5f43c1518ca5330c1663a637fcc

Red Hat Enterprise Linux Workstation 7

SRPM
libreswan-3.23-3.el7.src.rpm SHA-256: 4ab3b389a1abfc2fe22389e968e9f956931c8b84c795c82855d47bcee7e974d1
x86_64
libreswan-3.23-3.el7.x86_64.rpm SHA-256: 7e2926660b7b2d8b086316fd96a1dc35106e1661ebec4440bb53b7bf2c910955
libreswan-debuginfo-3.23-3.el7.x86_64.rpm SHA-256: 89aa33999fafe66cbc6a5648f22326f652f1c5f43c1518ca5330c1663a637fcc

Red Hat Enterprise Linux Desktop 7

SRPM
libreswan-3.23-3.el7.src.rpm SHA-256: 4ab3b389a1abfc2fe22389e968e9f956931c8b84c795c82855d47bcee7e974d1
x86_64
libreswan-3.23-3.el7.x86_64.rpm SHA-256: 7e2926660b7b2d8b086316fd96a1dc35106e1661ebec4440bb53b7bf2c910955
libreswan-debuginfo-3.23-3.el7.x86_64.rpm SHA-256: 89aa33999fafe66cbc6a5648f22326f652f1c5f43c1518ca5330c1663a637fcc

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
libreswan-3.23-3.el7.src.rpm SHA-256: 4ab3b389a1abfc2fe22389e968e9f956931c8b84c795c82855d47bcee7e974d1
s390x
libreswan-3.23-3.el7.s390x.rpm SHA-256: 33dc09c4d2cbcc9914a3d26852100a29b6bd4e1a98277625a6ae6ba1e71718bd
libreswan-debuginfo-3.23-3.el7.s390x.rpm SHA-256: e74f22e29efaa44b1c5f570ab0ee1c52e9337d684094f9a18824c122914bc50a

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.7

SRPM
libreswan-3.23-3.el7.src.rpm SHA-256: 4ab3b389a1abfc2fe22389e968e9f956931c8b84c795c82855d47bcee7e974d1
s390x
libreswan-3.23-3.el7.s390x.rpm SHA-256: 33dc09c4d2cbcc9914a3d26852100a29b6bd4e1a98277625a6ae6ba1e71718bd
libreswan-debuginfo-3.23-3.el7.s390x.rpm SHA-256: e74f22e29efaa44b1c5f570ab0ee1c52e9337d684094f9a18824c122914bc50a

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.6

SRPM
libreswan-3.23-3.el7.src.rpm SHA-256: 4ab3b389a1abfc2fe22389e968e9f956931c8b84c795c82855d47bcee7e974d1
s390x
libreswan-3.23-3.el7.s390x.rpm SHA-256: 33dc09c4d2cbcc9914a3d26852100a29b6bd4e1a98277625a6ae6ba1e71718bd
libreswan-debuginfo-3.23-3.el7.s390x.rpm SHA-256: e74f22e29efaa44b1c5f570ab0ee1c52e9337d684094f9a18824c122914bc50a

Red Hat Enterprise Linux for Power, big endian 7

SRPM
libreswan-3.23-3.el7.src.rpm SHA-256: 4ab3b389a1abfc2fe22389e968e9f956931c8b84c795c82855d47bcee7e974d1
ppc64
libreswan-3.23-3.el7.ppc64.rpm SHA-256: fbbf1994f7b8c45c3c4cb907bf656ab885938f443cf7164ba726788779f2a46d
libreswan-debuginfo-3.23-3.el7.ppc64.rpm SHA-256: 0eb6fff7c67c6fd6849c24c6b9c46e06ca74aad59e193c6b4f7176fc8ac396ce

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.7

SRPM
libreswan-3.23-3.el7.src.rpm SHA-256: 4ab3b389a1abfc2fe22389e968e9f956931c8b84c795c82855d47bcee7e974d1
ppc64
libreswan-3.23-3.el7.ppc64.rpm SHA-256: fbbf1994f7b8c45c3c4cb907bf656ab885938f443cf7164ba726788779f2a46d
libreswan-debuginfo-3.23-3.el7.ppc64.rpm SHA-256: 0eb6fff7c67c6fd6849c24c6b9c46e06ca74aad59e193c6b4f7176fc8ac396ce

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.6

SRPM
libreswan-3.23-3.el7.src.rpm SHA-256: 4ab3b389a1abfc2fe22389e968e9f956931c8b84c795c82855d47bcee7e974d1
ppc64
libreswan-3.23-3.el7.ppc64.rpm SHA-256: fbbf1994f7b8c45c3c4cb907bf656ab885938f443cf7164ba726788779f2a46d
libreswan-debuginfo-3.23-3.el7.ppc64.rpm SHA-256: 0eb6fff7c67c6fd6849c24c6b9c46e06ca74aad59e193c6b4f7176fc8ac396ce

Red Hat Enterprise Linux for Power, little endian 7

SRPM
libreswan-3.23-3.el7.src.rpm SHA-256: 4ab3b389a1abfc2fe22389e968e9f956931c8b84c795c82855d47bcee7e974d1
ppc64le
libreswan-3.23-3.el7.ppc64le.rpm SHA-256: 4497ca9a50d1651eccbac0a32c6cd326c05f1ffb79d2594ffc9e572e11bc8c13
libreswan-debuginfo-3.23-3.el7.ppc64le.rpm SHA-256: 750eba5a45b868b0d82405e70d56d72b3c99fc3cb729236be2998518ac82eddc

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.7

SRPM
libreswan-3.23-3.el7.src.rpm SHA-256: 4ab3b389a1abfc2fe22389e968e9f956931c8b84c795c82855d47bcee7e974d1
ppc64le
libreswan-3.23-3.el7.ppc64le.rpm SHA-256: 4497ca9a50d1651eccbac0a32c6cd326c05f1ffb79d2594ffc9e572e11bc8c13
libreswan-debuginfo-3.23-3.el7.ppc64le.rpm SHA-256: 750eba5a45b868b0d82405e70d56d72b3c99fc3cb729236be2998518ac82eddc

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6

SRPM
libreswan-3.23-3.el7.src.rpm SHA-256: 4ab3b389a1abfc2fe22389e968e9f956931c8b84c795c82855d47bcee7e974d1
ppc64le
libreswan-3.23-3.el7.ppc64le.rpm SHA-256: 4497ca9a50d1651eccbac0a32c6cd326c05f1ffb79d2594ffc9e572e11bc8c13
libreswan-debuginfo-3.23-3.el7.ppc64le.rpm SHA-256: 750eba5a45b868b0d82405e70d56d72b3c99fc3cb729236be2998518ac82eddc

Red Hat Enterprise Linux Server - TUS 7.7

SRPM
libreswan-3.23-3.el7.src.rpm SHA-256: 4ab3b389a1abfc2fe22389e968e9f956931c8b84c795c82855d47bcee7e974d1
x86_64
libreswan-3.23-3.el7.x86_64.rpm SHA-256: 7e2926660b7b2d8b086316fd96a1dc35106e1661ebec4440bb53b7bf2c910955
libreswan-debuginfo-3.23-3.el7.x86_64.rpm SHA-256: 89aa33999fafe66cbc6a5648f22326f652f1c5f43c1518ca5330c1663a637fcc

Red Hat Enterprise Linux Server - TUS 7.6

SRPM
libreswan-3.23-3.el7.src.rpm SHA-256: 4ab3b389a1abfc2fe22389e968e9f956931c8b84c795c82855d47bcee7e974d1
x86_64
libreswan-3.23-3.el7.x86_64.rpm SHA-256: 7e2926660b7b2d8b086316fd96a1dc35106e1661ebec4440bb53b7bf2c910955
libreswan-debuginfo-3.23-3.el7.x86_64.rpm SHA-256: 89aa33999fafe66cbc6a5648f22326f652f1c5f43c1518ca5330c1663a637fcc

Red Hat Enterprise Linux for ARM 64 7

SRPM
libreswan-3.23-3.el7.src.rpm SHA-256: 4ab3b389a1abfc2fe22389e968e9f956931c8b84c795c82855d47bcee7e974d1
aarch64
libreswan-3.23-3.el7.aarch64.rpm SHA-256: 0146e5adcd42d57ac41cf6be84b85097892aed9eb77d0c83d272dbf229dc7b28
libreswan-debuginfo-3.23-3.el7.aarch64.rpm SHA-256: f22be19f4487999fbacbc665ca8f39b3be12a00a230891f29486c95e5c91e1f2

Red Hat Enterprise Linux for Power 9 7

SRPM
libreswan-3.23-3.el7.src.rpm SHA-256: 4ab3b389a1abfc2fe22389e968e9f956931c8b84c795c82855d47bcee7e974d1
ppc64le
libreswan-3.23-3.el7.ppc64le.rpm SHA-256: 4497ca9a50d1651eccbac0a32c6cd326c05f1ffb79d2594ffc9e572e11bc8c13
libreswan-debuginfo-3.23-3.el7.ppc64le.rpm SHA-256: 750eba5a45b868b0d82405e70d56d72b3c99fc3cb729236be2998518ac82eddc

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.7

SRPM
libreswan-3.23-3.el7.src.rpm SHA-256: 4ab3b389a1abfc2fe22389e968e9f956931c8b84c795c82855d47bcee7e974d1
ppc64le
libreswan-3.23-3.el7.ppc64le.rpm SHA-256: 4497ca9a50d1651eccbac0a32c6cd326c05f1ffb79d2594ffc9e572e11bc8c13
libreswan-debuginfo-3.23-3.el7.ppc64le.rpm SHA-256: 750eba5a45b868b0d82405e70d56d72b3c99fc3cb729236be2998518ac82eddc

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.6

SRPM
libreswan-3.23-3.el7.src.rpm SHA-256: 4ab3b389a1abfc2fe22389e968e9f956931c8b84c795c82855d47bcee7e974d1
ppc64le
libreswan-3.23-3.el7.ppc64le.rpm SHA-256: 4497ca9a50d1651eccbac0a32c6cd326c05f1ffb79d2594ffc9e572e11bc8c13
libreswan-debuginfo-3.23-3.el7.ppc64le.rpm SHA-256: 750eba5a45b868b0d82405e70d56d72b3c99fc3cb729236be2998518ac82eddc

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.7

SRPM
libreswan-3.23-3.el7.src.rpm SHA-256: 4ab3b389a1abfc2fe22389e968e9f956931c8b84c795c82855d47bcee7e974d1
x86_64
libreswan-3.23-3.el7.x86_64.rpm SHA-256: 7e2926660b7b2d8b086316fd96a1dc35106e1661ebec4440bb53b7bf2c910955
libreswan-debuginfo-3.23-3.el7.x86_64.rpm SHA-256: 89aa33999fafe66cbc6a5648f22326f652f1c5f43c1518ca5330c1663a637fcc

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.6

SRPM
libreswan-3.23-3.el7.src.rpm SHA-256: 4ab3b389a1abfc2fe22389e968e9f956931c8b84c795c82855d47bcee7e974d1
x86_64
libreswan-3.23-3.el7.x86_64.rpm SHA-256: 7e2926660b7b2d8b086316fd96a1dc35106e1661ebec4440bb53b7bf2c910955
libreswan-debuginfo-3.23-3.el7.x86_64.rpm SHA-256: 89aa33999fafe66cbc6a5648f22326f652f1c5f43c1518ca5330c1663a637fcc

Red Hat Enterprise Linux for IBM System z (Structure A) 7

SRPM
libreswan-3.23-3.el7.src.rpm SHA-256: 4ab3b389a1abfc2fe22389e968e9f956931c8b84c795c82855d47bcee7e974d1
s390x
libreswan-3.23-3.el7.s390x.rpm SHA-256: 33dc09c4d2cbcc9914a3d26852100a29b6bd4e1a98277625a6ae6ba1e71718bd
libreswan-debuginfo-3.23-3.el7.s390x.rpm SHA-256: e74f22e29efaa44b1c5f570ab0ee1c52e9337d684094f9a18824c122914bc50a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.