Red Hat Product Errata RHBA-2019:1332 - Bug Fix Advisory
Issued:
2019-06-04
Updated:
2019-06-04

RHBA-2019:1332 - Bug Fix Advisory

Synopsis

libreswan bug fix update

Type/Severity

Bug Fix Advisory

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated libreswan packages that fix several bugs are now available for Red Hat Enterprise Linux 7.

Description

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).

This update fixes the following bugs:

  • Libreswan crash upon receiving ISAKMP_NEXT_D with appended ISAKMP_NEXT_N (BZ#1672921)
  • libreswan using NSS IPsec profiles regresses when critical flags are set causing validation failure (BZ#1680483)
  • Opportunistic IPsec instances of /32 groups or auto=start that receive delete won't restart (BZ#1683577)
  • IKEv1 traffic interruption when responder deletes SAs 60 seconds before EVENT_SA_REPLACE (BZ#1708060)

Users of libreswan are advised to upgrade to these updated packages, which fix these bugs.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 7.6 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.6 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.6 ppc64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6 ppc64le
  • Red Hat Enterprise Linux Server - TUS 7.6 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x
  • Red Hat Enterprise Linux for ARM 64 7 aarch64
  • Red Hat Enterprise Linux for Power 9 7 ppc64le
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.6 x86_64
  • Red Hat Enterprise Linux for IBM System z (Structure A) 7 s390x
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le

Fixes

  • BZ - 1680483 - libreswan using NSS IPsec profiles regresses when critical flags are set causing validation failure [rhel-7.6.z]

CVEs

(none)

References

(none)

Red Hat Enterprise Linux Server 7

SRPM
libreswan-3.25-4.8.el7_6.src.rpm SHA-256: 0270a06992cc63e6b4593a3011a62c534a52d788b2325b48557a903d75ad154b
x86_64
libreswan-3.25-4.8.el7_6.x86_64.rpm SHA-256: 1cfd29b9dba17f27f89644803f469ff8c294baa1264e2a8bdabf082239cc22c7
libreswan-debuginfo-3.25-4.8.el7_6.x86_64.rpm SHA-256: d1d08c6d752d1a7d42ee14cc68a659d283fc36f745a029b0bd0daf7056541c4d

Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.6

SRPM
libreswan-3.25-4.8.el7_6.src.rpm SHA-256: 0270a06992cc63e6b4593a3011a62c534a52d788b2325b48557a903d75ad154b
x86_64
libreswan-3.25-4.8.el7_6.x86_64.rpm SHA-256: 1cfd29b9dba17f27f89644803f469ff8c294baa1264e2a8bdabf082239cc22c7
libreswan-debuginfo-3.25-4.8.el7_6.x86_64.rpm SHA-256: d1d08c6d752d1a7d42ee14cc68a659d283fc36f745a029b0bd0daf7056541c4d

Red Hat Enterprise Linux Server - AUS 7.6

SRPM
libreswan-3.25-4.8.el7_6.src.rpm SHA-256: 0270a06992cc63e6b4593a3011a62c534a52d788b2325b48557a903d75ad154b
x86_64
libreswan-3.25-4.8.el7_6.x86_64.rpm SHA-256: 1cfd29b9dba17f27f89644803f469ff8c294baa1264e2a8bdabf082239cc22c7
libreswan-debuginfo-3.25-4.8.el7_6.x86_64.rpm SHA-256: d1d08c6d752d1a7d42ee14cc68a659d283fc36f745a029b0bd0daf7056541c4d

Red Hat Enterprise Linux Server - Extended Life Cycle Support 7

SRPM
libreswan-3.25-4.8.el7_6.src.rpm SHA-256: 0270a06992cc63e6b4593a3011a62c534a52d788b2325b48557a903d75ad154b
x86_64
libreswan-3.25-4.8.el7_6.x86_64.rpm SHA-256: 1cfd29b9dba17f27f89644803f469ff8c294baa1264e2a8bdabf082239cc22c7
libreswan-debuginfo-3.25-4.8.el7_6.x86_64.rpm SHA-256: d1d08c6d752d1a7d42ee14cc68a659d283fc36f745a029b0bd0daf7056541c4d

Red Hat Enterprise Linux Workstation 7

SRPM
libreswan-3.25-4.8.el7_6.src.rpm SHA-256: 0270a06992cc63e6b4593a3011a62c534a52d788b2325b48557a903d75ad154b
x86_64
libreswan-3.25-4.8.el7_6.x86_64.rpm SHA-256: 1cfd29b9dba17f27f89644803f469ff8c294baa1264e2a8bdabf082239cc22c7
libreswan-debuginfo-3.25-4.8.el7_6.x86_64.rpm SHA-256: d1d08c6d752d1a7d42ee14cc68a659d283fc36f745a029b0bd0daf7056541c4d

Red Hat Enterprise Linux Desktop 7

SRPM
libreswan-3.25-4.8.el7_6.src.rpm SHA-256: 0270a06992cc63e6b4593a3011a62c534a52d788b2325b48557a903d75ad154b
x86_64
libreswan-3.25-4.8.el7_6.x86_64.rpm SHA-256: 1cfd29b9dba17f27f89644803f469ff8c294baa1264e2a8bdabf082239cc22c7
libreswan-debuginfo-3.25-4.8.el7_6.x86_64.rpm SHA-256: d1d08c6d752d1a7d42ee14cc68a659d283fc36f745a029b0bd0daf7056541c4d

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
libreswan-3.25-4.8.el7_6.src.rpm SHA-256: 0270a06992cc63e6b4593a3011a62c534a52d788b2325b48557a903d75ad154b
s390x
libreswan-3.25-4.8.el7_6.s390x.rpm SHA-256: 861765aed78b15fc53c8f9d020782ec24d3f9af7d8eb4c9eacf49e536e4e05f0
libreswan-debuginfo-3.25-4.8.el7_6.s390x.rpm SHA-256: 110f32b204afe6a9c1ccf8675d0b0fd6a522fda0316240e90bfa8df7d9b5b984

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.6

SRPM
libreswan-3.25-4.8.el7_6.src.rpm SHA-256: 0270a06992cc63e6b4593a3011a62c534a52d788b2325b48557a903d75ad154b
s390x
libreswan-3.25-4.8.el7_6.s390x.rpm SHA-256: 861765aed78b15fc53c8f9d020782ec24d3f9af7d8eb4c9eacf49e536e4e05f0
libreswan-debuginfo-3.25-4.8.el7_6.s390x.rpm SHA-256: 110f32b204afe6a9c1ccf8675d0b0fd6a522fda0316240e90bfa8df7d9b5b984

Red Hat Enterprise Linux for Power, big endian 7

SRPM
libreswan-3.25-4.8.el7_6.src.rpm SHA-256: 0270a06992cc63e6b4593a3011a62c534a52d788b2325b48557a903d75ad154b
ppc64
libreswan-3.25-4.8.el7_6.ppc64.rpm SHA-256: 586436ff247b88d034bb460f7117d82cdc8a8af925fac6fafdbdde3c26460872
libreswan-debuginfo-3.25-4.8.el7_6.ppc64.rpm SHA-256: c5ddaf4c3e5fee4386fd2bf321e6e2f46e9000ceeaa4f9d20a64add4f23ce4ce

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.6

SRPM
libreswan-3.25-4.8.el7_6.src.rpm SHA-256: 0270a06992cc63e6b4593a3011a62c534a52d788b2325b48557a903d75ad154b
ppc64
libreswan-3.25-4.8.el7_6.ppc64.rpm SHA-256: 586436ff247b88d034bb460f7117d82cdc8a8af925fac6fafdbdde3c26460872
libreswan-debuginfo-3.25-4.8.el7_6.ppc64.rpm SHA-256: c5ddaf4c3e5fee4386fd2bf321e6e2f46e9000ceeaa4f9d20a64add4f23ce4ce

Red Hat Enterprise Linux for Power, little endian 7

SRPM
libreswan-3.25-4.8.el7_6.src.rpm SHA-256: 0270a06992cc63e6b4593a3011a62c534a52d788b2325b48557a903d75ad154b
ppc64le
libreswan-3.25-4.8.el7_6.ppc64le.rpm SHA-256: 38d37cfe8d4a946ba890ded9a644cd310112d17439dd93928235a1718f85e742
libreswan-debuginfo-3.25-4.8.el7_6.ppc64le.rpm SHA-256: a024599f3b8b017e8b1da57b8cd6cb53bbbb304998f10e0f3015a022774d3de4

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6

SRPM
libreswan-3.25-4.8.el7_6.src.rpm SHA-256: 0270a06992cc63e6b4593a3011a62c534a52d788b2325b48557a903d75ad154b
ppc64le
libreswan-3.25-4.8.el7_6.ppc64le.rpm SHA-256: 38d37cfe8d4a946ba890ded9a644cd310112d17439dd93928235a1718f85e742
libreswan-debuginfo-3.25-4.8.el7_6.ppc64le.rpm SHA-256: a024599f3b8b017e8b1da57b8cd6cb53bbbb304998f10e0f3015a022774d3de4

Red Hat Enterprise Linux Server - TUS 7.6

SRPM
libreswan-3.25-4.8.el7_6.src.rpm SHA-256: 0270a06992cc63e6b4593a3011a62c534a52d788b2325b48557a903d75ad154b
x86_64
libreswan-3.25-4.8.el7_6.x86_64.rpm SHA-256: 1cfd29b9dba17f27f89644803f469ff8c294baa1264e2a8bdabf082239cc22c7
libreswan-debuginfo-3.25-4.8.el7_6.x86_64.rpm SHA-256: d1d08c6d752d1a7d42ee14cc68a659d283fc36f745a029b0bd0daf7056541c4d

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7

SRPM
libreswan-3.25-4.8.el7_6.src.rpm SHA-256: 0270a06992cc63e6b4593a3011a62c534a52d788b2325b48557a903d75ad154b
s390x
libreswan-3.25-4.8.el7_6.s390x.rpm SHA-256: 861765aed78b15fc53c8f9d020782ec24d3f9af7d8eb4c9eacf49e536e4e05f0
libreswan-debuginfo-3.25-4.8.el7_6.s390x.rpm SHA-256: 110f32b204afe6a9c1ccf8675d0b0fd6a522fda0316240e90bfa8df7d9b5b984

Red Hat Enterprise Linux for ARM 64 7

SRPM
libreswan-3.25-4.8.el7_6.src.rpm SHA-256: 0270a06992cc63e6b4593a3011a62c534a52d788b2325b48557a903d75ad154b
aarch64
libreswan-3.25-4.8.el7_6.aarch64.rpm SHA-256: 157572d3952ceb4bbd4b91f5513ed5f5e0d78c47e194c4793aff6c15420d0fc2
libreswan-debuginfo-3.25-4.8.el7_6.aarch64.rpm SHA-256: c0c0b657366bba0716d0d657802943121f9666effe9be053f36a0f723e8d4ccc

Red Hat Enterprise Linux for Power 9 7

SRPM
libreswan-3.25-4.8.el7_6.src.rpm SHA-256: 0270a06992cc63e6b4593a3011a62c534a52d788b2325b48557a903d75ad154b
ppc64le
libreswan-3.25-4.8.el7_6.ppc64le.rpm SHA-256: 38d37cfe8d4a946ba890ded9a644cd310112d17439dd93928235a1718f85e742
libreswan-debuginfo-3.25-4.8.el7_6.ppc64le.rpm SHA-256: a024599f3b8b017e8b1da57b8cd6cb53bbbb304998f10e0f3015a022774d3de4

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.6

SRPM
libreswan-3.25-4.8.el7_6.src.rpm SHA-256: 0270a06992cc63e6b4593a3011a62c534a52d788b2325b48557a903d75ad154b
ppc64le
libreswan-3.25-4.8.el7_6.ppc64le.rpm SHA-256: 38d37cfe8d4a946ba890ded9a644cd310112d17439dd93928235a1718f85e742
libreswan-debuginfo-3.25-4.8.el7_6.ppc64le.rpm SHA-256: a024599f3b8b017e8b1da57b8cd6cb53bbbb304998f10e0f3015a022774d3de4

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.6

SRPM
libreswan-3.25-4.8.el7_6.src.rpm SHA-256: 0270a06992cc63e6b4593a3011a62c534a52d788b2325b48557a903d75ad154b
x86_64
libreswan-3.25-4.8.el7_6.x86_64.rpm SHA-256: 1cfd29b9dba17f27f89644803f469ff8c294baa1264e2a8bdabf082239cc22c7
libreswan-debuginfo-3.25-4.8.el7_6.x86_64.rpm SHA-256: d1d08c6d752d1a7d42ee14cc68a659d283fc36f745a029b0bd0daf7056541c4d

Red Hat Enterprise Linux for IBM System z (Structure A) 7

SRPM
libreswan-3.25-4.8.el7_6.src.rpm SHA-256: 0270a06992cc63e6b4593a3011a62c534a52d788b2325b48557a903d75ad154b
s390x
libreswan-3.25-4.8.el7_6.s390x.rpm SHA-256: 861765aed78b15fc53c8f9d020782ec24d3f9af7d8eb4c9eacf49e536e4e05f0
libreswan-debuginfo-3.25-4.8.el7_6.s390x.rpm SHA-256: 110f32b204afe6a9c1ccf8675d0b0fd6a522fda0316240e90bfa8df7d9b5b984

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7

SRPM
libreswan-3.25-4.8.el7_6.src.rpm SHA-256: 0270a06992cc63e6b4593a3011a62c534a52d788b2325b48557a903d75ad154b
ppc64
libreswan-3.25-4.8.el7_6.ppc64.rpm SHA-256: 586436ff247b88d034bb460f7117d82cdc8a8af925fac6fafdbdde3c26460872
libreswan-debuginfo-3.25-4.8.el7_6.ppc64.rpm SHA-256: c5ddaf4c3e5fee4386fd2bf321e6e2f46e9000ceeaa4f9d20a64add4f23ce4ce

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7

SRPM
libreswan-3.25-4.8.el7_6.src.rpm SHA-256: 0270a06992cc63e6b4593a3011a62c534a52d788b2325b48557a903d75ad154b
ppc64le
libreswan-3.25-4.8.el7_6.ppc64le.rpm SHA-256: 38d37cfe8d4a946ba890ded9a644cd310112d17439dd93928235a1718f85e742
libreswan-debuginfo-3.25-4.8.el7_6.ppc64le.rpm SHA-256: a024599f3b8b017e8b1da57b8cd6cb53bbbb304998f10e0f3015a022774d3de4

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.