Red Hat Product Errata RHSA-2009:1138 - Security Advisory

Issued:: 2009-07-02
Updated:: 2009-07-02

RHSA-2009:1138 - Security Advisory

Overview
Updated Packages

Synopsis

Important: openswan security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated openswan packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

Openswan is a free implementation of Internet Protocol Security (IPsec)
and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide
both authentication and encryption services. These services allow you to
build secure tunnels through untrusted networks. Everything passing through
the untrusted network is encrypted by the IPsec gateway machine, and
decrypted by the gateway at the other end of the tunnel. The resulting
tunnel is a virtual private network (VPN).

Multiple insufficient input validation flaws were found in the way
Openswan's pluto IKE daemon processed some fields of X.509 certificates. A
remote attacker could provide a specially-crafted X.509 certificate that
would crash the pluto daemon. (CVE-2009-2185)

All users of openswan are advised to upgrade to these updated packages,
which contain a backported patch to correct these issues. After installing
this update, the ipsec service will be restarted automatically.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Server 5 ia64
Red Hat Enterprise Linux Server 5 i386
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.3 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.3 ia64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.3 i386
Red Hat Enterprise Linux Server - AUS 5.3 x86_64
Red Hat Enterprise Linux Server - AUS 5.3 ia64
Red Hat Enterprise Linux Server - AUS 5.3 i386
Red Hat Enterprise Linux Workstation 5 x86_64
Red Hat Enterprise Linux Workstation 5 i386
Red Hat Enterprise Linux Desktop 5 x86_64
Red Hat Enterprise Linux Desktop 5 i386
Red Hat Enterprise Linux for IBM z Systems 5 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.3 s390x
Red Hat Enterprise Linux for Power, big endian 5 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.3 ppc
Red Hat Enterprise Linux Server from RHUI 5 x86_64
Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

BZ - 507362 - CVE-2009-2185 Openswan ASN.1 parser vulnerability

CVEs

CVE-2009-2185

References

http://www.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
openswan-2.6.14-1.el5_3.3.src.rpm	SHA-256: 96bcf070b715c5d29b11d171bc1696ce1f6ebb9e6683f6b28be6e4373ef61773
x86_64
openswan-2.6.14-1.el5_3.3.x86_64.rpm	SHA-256: 08e688f469bcd6b9d154dc3c5c4d1db33cfe5e487816e1c0ec01ea3d97ecde17
openswan-doc-2.6.14-1.el5_3.3.x86_64.rpm	SHA-256: 75443f895fc175754819de5c104e69a01b1e493666cc2c80f83591b705910a19
ia64
openswan-2.6.14-1.el5_3.3.ia64.rpm	SHA-256: faa92ac70819c4d755e9b0bca8ac199128188239e0254f05d732cf8820f7d1c7
openswan-doc-2.6.14-1.el5_3.3.ia64.rpm	SHA-256: f0695f7e41592ae51cd96f7cc0da391d038d508371b88c1768e9faa76e6cf4fe
i386
openswan-2.6.14-1.el5_3.3.i386.rpm	SHA-256: 86a363e18af8573607a12ea302eb751930b11e294588e207248ba51187905f49
openswan-doc-2.6.14-1.el5_3.3.i386.rpm	SHA-256: 2f46aac864ac7a04a10931333822a6c6475dc4b286f74125e6fc5ec5861def6b

Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Server - AUS 5.3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Workstation 5

SRPM
openswan-2.6.14-1.el5_3.3.src.rpm	SHA-256: 96bcf070b715c5d29b11d171bc1696ce1f6ebb9e6683f6b28be6e4373ef61773
x86_64
openswan-2.6.14-1.el5_3.3.x86_64.rpm	SHA-256: 08e688f469bcd6b9d154dc3c5c4d1db33cfe5e487816e1c0ec01ea3d97ecde17
openswan-doc-2.6.14-1.el5_3.3.x86_64.rpm	SHA-256: 75443f895fc175754819de5c104e69a01b1e493666cc2c80f83591b705910a19
i386
openswan-2.6.14-1.el5_3.3.i386.rpm	SHA-256: 86a363e18af8573607a12ea302eb751930b11e294588e207248ba51187905f49
openswan-doc-2.6.14-1.el5_3.3.i386.rpm	SHA-256: 2f46aac864ac7a04a10931333822a6c6475dc4b286f74125e6fc5ec5861def6b

Red Hat Enterprise Linux Desktop 5

SRPM
openswan-2.6.14-1.el5_3.3.src.rpm	SHA-256: 96bcf070b715c5d29b11d171bc1696ce1f6ebb9e6683f6b28be6e4373ef61773
x86_64
openswan-2.6.14-1.el5_3.3.x86_64.rpm	SHA-256: 08e688f469bcd6b9d154dc3c5c4d1db33cfe5e487816e1c0ec01ea3d97ecde17
openswan-doc-2.6.14-1.el5_3.3.x86_64.rpm	SHA-256: 75443f895fc175754819de5c104e69a01b1e493666cc2c80f83591b705910a19
i386
openswan-2.6.14-1.el5_3.3.i386.rpm	SHA-256: 86a363e18af8573607a12ea302eb751930b11e294588e207248ba51187905f49
openswan-doc-2.6.14-1.el5_3.3.i386.rpm	SHA-256: 2f46aac864ac7a04a10931333822a6c6475dc4b286f74125e6fc5ec5861def6b

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
openswan-2.6.14-1.el5_3.3.src.rpm	SHA-256: 96bcf070b715c5d29b11d171bc1696ce1f6ebb9e6683f6b28be6e4373ef61773
s390x
openswan-2.6.14-1.el5_3.3.s390x.rpm	SHA-256: 656fbb7ad09c172dd78764a428c9067901d2cdc2c87e628f39ed5ae478daf12b
openswan-doc-2.6.14-1.el5_3.3.s390x.rpm	SHA-256: 3138f07665b0382e31f719206c13f78ce17a1c8f015bd35e470c483093b946e8

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.3

SRPM
s390x

Red Hat Enterprise Linux for Power, big endian 5

SRPM
openswan-2.6.14-1.el5_3.3.src.rpm	SHA-256: 96bcf070b715c5d29b11d171bc1696ce1f6ebb9e6683f6b28be6e4373ef61773
ppc
openswan-2.6.14-1.el5_3.3.ppc.rpm	SHA-256: 2f0c5dee8e1029a0f91d5255cec2b8afaad183570950e14173ba51eb85c5ab0f
openswan-doc-2.6.14-1.el5_3.3.ppc.rpm	SHA-256: 297cac3a828629d13fcbaa538c9dc840cd1265ef9b34f6708f10e12c6828645b

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.3

SRPM
ppc

Red Hat Enterprise Linux Server from RHUI 5

SRPM
openswan-2.6.14-1.el5_3.3.src.rpm	SHA-256: 96bcf070b715c5d29b11d171bc1696ce1f6ebb9e6683f6b28be6e4373ef61773
x86_64
openswan-2.6.14-1.el5_3.3.x86_64.rpm	SHA-256: 08e688f469bcd6b9d154dc3c5c4d1db33cfe5e487816e1c0ec01ea3d97ecde17
openswan-doc-2.6.14-1.el5_3.3.x86_64.rpm	SHA-256: 75443f895fc175754819de5c104e69a01b1e493666cc2c80f83591b705910a19
i386
openswan-2.6.14-1.el5_3.3.i386.rpm	SHA-256: 86a363e18af8573607a12ea302eb751930b11e294588e207248ba51187905f49
openswan-doc-2.6.14-1.el5_3.3.i386.rpm	SHA-256: 2f46aac864ac7a04a10931333822a6c6475dc4b286f74125e6fc5ec5861def6b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories