Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2010:0892 - Security Advisory
Issued:
2010-11-16
Updated:
2010-11-16

RHSA-2010:0892 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: openswan security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated openswan packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Description

Openswan is a free implementation of Internet Protocol Security (IPsec)
and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide
both authentication and encryption services. These services allow you to
build secure tunnels through untrusted networks.

Two buffer overflow flaws were found in the Openswan client-side XAUTH
handling code used when connecting to certain Cisco gateways. A malicious
or compromised VPN gateway could use these flaws to execute arbitrary code
on the connecting Openswan client. (CVE-2010-3302, CVE-2010-3308)

Two input sanitization flaws were found in the Openswan client-side
handling of Cisco gateway banners. A malicious or compromised VPN gateway
could use these flaws to execute arbitrary code on the connecting Openswan
client. (CVE-2010-3752, CVE-2010-3753)

Red Hat would like to thank the Openswan project for reporting these
issues. Upstream acknowledges D. Hugh Redelmeier and Paul Wouters as the
original reporters.

All users of openswan are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. After installing
this update, the ipsec service will be restarted automatically.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux for IBM z Systems 6 s390x
  • Red Hat Enterprise Linux for Power, big endian 6 ppc64
  • Red Hat Enterprise Linux Server from RHUI 6 x86_64
  • Red Hat Enterprise Linux Server from RHUI 6 i386
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 i386
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) 6 s390x

Fixes

  • BZ - 634264 - CVE-2010-3302 openswan: buffer overflow vulnerability in XAUTH client-side support
  • BZ - 637924 - CVE-2010-3308 Openswan cisco banner option handling vulnerability
  • BZ - 640711 - CVE-2010-3752 Openswan: Gateway arbitrary code execution via shell metacharacters in cisco_dns_info or cisco_domain_info data in packet
  • BZ - 640715 - CVE-2010-3753 Openswan: Gateway arbitrary execution via shell metacharacters in the cisco_banner

CVEs

  • CVE-2010-3302
  • CVE-2010-3753
  • CVE-2010-3308
  • CVE-2010-3752

References

  • http://www.redhat.com/security/updates/classification/#moderate
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 6

SRPM
openswan-2.6.24-8.el6_0.1.src.rpm SHA-256: fd56f81e7f46f5eb914a9c785bca52e4b6e8bf77bb1c4e573624d4d60026b6bc
x86_64
openswan-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: b7f2f53b5b976f372a9072ecad9c327dfbe5026f274708b8f0076a89e34b9467
openswan-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: b7f2f53b5b976f372a9072ecad9c327dfbe5026f274708b8f0076a89e34b9467
openswan-debuginfo-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: a00b7cbda30828fd7983d7b44d66f5ab1d237397f62a233c5ad83c9bd9239dc3
openswan-debuginfo-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: a00b7cbda30828fd7983d7b44d66f5ab1d237397f62a233c5ad83c9bd9239dc3
openswan-debuginfo-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: a00b7cbda30828fd7983d7b44d66f5ab1d237397f62a233c5ad83c9bd9239dc3
openswan-doc-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: db1149909827e98fc74a544447086537e17d72e0f0bf1c21c7254f5af03ab24c
openswan-doc-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: db1149909827e98fc74a544447086537e17d72e0f0bf1c21c7254f5af03ab24c
i386
openswan-2.6.24-8.el6_0.1.i686.rpm SHA-256: 55526656f743cf0ce1fc0687e11b72a68125375d97178d90b9ee59c657b4e314
openswan-debuginfo-2.6.24-8.el6_0.1.i686.rpm SHA-256: 60c1448d1d9e7a7aa86f93f8e7d3384234d2a1e7e775cda14d2784524cd3035d
openswan-debuginfo-2.6.24-8.el6_0.1.i686.rpm SHA-256: 60c1448d1d9e7a7aa86f93f8e7d3384234d2a1e7e775cda14d2784524cd3035d
openswan-doc-2.6.24-8.el6_0.1.i686.rpm SHA-256: fa8ec6e86be124c9a7de72d16499c7030784aa9fda2593bb709f1f9465ba6324

Red Hat Enterprise Linux Server - Extended Life Cycle Support 6

SRPM
openswan-2.6.24-8.el6_0.1.src.rpm SHA-256: fd56f81e7f46f5eb914a9c785bca52e4b6e8bf77bb1c4e573624d4d60026b6bc
x86_64
openswan-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: b7f2f53b5b976f372a9072ecad9c327dfbe5026f274708b8f0076a89e34b9467
openswan-debuginfo-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: a00b7cbda30828fd7983d7b44d66f5ab1d237397f62a233c5ad83c9bd9239dc3
openswan-debuginfo-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: a00b7cbda30828fd7983d7b44d66f5ab1d237397f62a233c5ad83c9bd9239dc3
openswan-doc-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: db1149909827e98fc74a544447086537e17d72e0f0bf1c21c7254f5af03ab24c
i386
openswan-2.6.24-8.el6_0.1.i686.rpm SHA-256: 55526656f743cf0ce1fc0687e11b72a68125375d97178d90b9ee59c657b4e314
openswan-debuginfo-2.6.24-8.el6_0.1.i686.rpm SHA-256: 60c1448d1d9e7a7aa86f93f8e7d3384234d2a1e7e775cda14d2784524cd3035d
openswan-debuginfo-2.6.24-8.el6_0.1.i686.rpm SHA-256: 60c1448d1d9e7a7aa86f93f8e7d3384234d2a1e7e775cda14d2784524cd3035d
openswan-doc-2.6.24-8.el6_0.1.i686.rpm SHA-256: fa8ec6e86be124c9a7de72d16499c7030784aa9fda2593bb709f1f9465ba6324

Red Hat Enterprise Linux Workstation 6

SRPM
openswan-2.6.24-8.el6_0.1.src.rpm SHA-256: fd56f81e7f46f5eb914a9c785bca52e4b6e8bf77bb1c4e573624d4d60026b6bc
x86_64
openswan-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: b7f2f53b5b976f372a9072ecad9c327dfbe5026f274708b8f0076a89e34b9467
openswan-debuginfo-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: a00b7cbda30828fd7983d7b44d66f5ab1d237397f62a233c5ad83c9bd9239dc3
openswan-debuginfo-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: a00b7cbda30828fd7983d7b44d66f5ab1d237397f62a233c5ad83c9bd9239dc3
openswan-doc-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: db1149909827e98fc74a544447086537e17d72e0f0bf1c21c7254f5af03ab24c
i386
openswan-2.6.24-8.el6_0.1.i686.rpm SHA-256: 55526656f743cf0ce1fc0687e11b72a68125375d97178d90b9ee59c657b4e314
openswan-debuginfo-2.6.24-8.el6_0.1.i686.rpm SHA-256: 60c1448d1d9e7a7aa86f93f8e7d3384234d2a1e7e775cda14d2784524cd3035d
openswan-debuginfo-2.6.24-8.el6_0.1.i686.rpm SHA-256: 60c1448d1d9e7a7aa86f93f8e7d3384234d2a1e7e775cda14d2784524cd3035d
openswan-doc-2.6.24-8.el6_0.1.i686.rpm SHA-256: fa8ec6e86be124c9a7de72d16499c7030784aa9fda2593bb709f1f9465ba6324

Red Hat Enterprise Linux Desktop 6

SRPM
openswan-2.6.24-8.el6_0.1.src.rpm SHA-256: fd56f81e7f46f5eb914a9c785bca52e4b6e8bf77bb1c4e573624d4d60026b6bc
x86_64
openswan-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: b7f2f53b5b976f372a9072ecad9c327dfbe5026f274708b8f0076a89e34b9467
openswan-debuginfo-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: a00b7cbda30828fd7983d7b44d66f5ab1d237397f62a233c5ad83c9bd9239dc3
openswan-debuginfo-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: a00b7cbda30828fd7983d7b44d66f5ab1d237397f62a233c5ad83c9bd9239dc3
openswan-doc-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: db1149909827e98fc74a544447086537e17d72e0f0bf1c21c7254f5af03ab24c
i386
openswan-2.6.24-8.el6_0.1.i686.rpm SHA-256: 55526656f743cf0ce1fc0687e11b72a68125375d97178d90b9ee59c657b4e314
openswan-debuginfo-2.6.24-8.el6_0.1.i686.rpm SHA-256: 60c1448d1d9e7a7aa86f93f8e7d3384234d2a1e7e775cda14d2784524cd3035d
openswan-debuginfo-2.6.24-8.el6_0.1.i686.rpm SHA-256: 60c1448d1d9e7a7aa86f93f8e7d3384234d2a1e7e775cda14d2784524cd3035d
openswan-doc-2.6.24-8.el6_0.1.i686.rpm SHA-256: fa8ec6e86be124c9a7de72d16499c7030784aa9fda2593bb709f1f9465ba6324

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
openswan-2.6.24-8.el6_0.1.src.rpm SHA-256: fd56f81e7f46f5eb914a9c785bca52e4b6e8bf77bb1c4e573624d4d60026b6bc
s390x
openswan-2.6.24-8.el6_0.1.s390x.rpm SHA-256: 3dbcc3730ecf40d77a75407d6a20d60062a7d0593bd8835850c7f53983bb302d
openswan-debuginfo-2.6.24-8.el6_0.1.s390x.rpm SHA-256: 3955877c1c467bb1153e47226896a2ce109bbc559aac0e00760c9b25b20d5e38
openswan-debuginfo-2.6.24-8.el6_0.1.s390x.rpm SHA-256: 3955877c1c467bb1153e47226896a2ce109bbc559aac0e00760c9b25b20d5e38
openswan-doc-2.6.24-8.el6_0.1.s390x.rpm SHA-256: 6b72271e850146a5fd23ee69c9c8355de1508e48b25ec2763242ac0a2ff90838

Red Hat Enterprise Linux for Power, big endian 6

SRPM
openswan-2.6.24-8.el6_0.1.src.rpm SHA-256: fd56f81e7f46f5eb914a9c785bca52e4b6e8bf77bb1c4e573624d4d60026b6bc
ppc64
openswan-2.6.24-8.el6_0.1.ppc64.rpm SHA-256: 43090f57f4c1385da58e54ec56a5f3bfce5f9d1102ed3946e3d369122fdcf7df
openswan-debuginfo-2.6.24-8.el6_0.1.ppc64.rpm SHA-256: 900a11e3ca52c09e8cd67e6a930c96650166e6565b7152e1d5d8b992685f9078
openswan-debuginfo-2.6.24-8.el6_0.1.ppc64.rpm SHA-256: 900a11e3ca52c09e8cd67e6a930c96650166e6565b7152e1d5d8b992685f9078
openswan-doc-2.6.24-8.el6_0.1.ppc64.rpm SHA-256: 16d37cec3df4112aea6a6beac78db2c82c2722021cc12f1cc657b903983e2d4f

Red Hat Enterprise Linux Server from RHUI 6

SRPM
openswan-2.6.24-8.el6_0.1.src.rpm SHA-256: fd56f81e7f46f5eb914a9c785bca52e4b6e8bf77bb1c4e573624d4d60026b6bc
x86_64
openswan-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: b7f2f53b5b976f372a9072ecad9c327dfbe5026f274708b8f0076a89e34b9467
openswan-debuginfo-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: a00b7cbda30828fd7983d7b44d66f5ab1d237397f62a233c5ad83c9bd9239dc3
openswan-debuginfo-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: a00b7cbda30828fd7983d7b44d66f5ab1d237397f62a233c5ad83c9bd9239dc3
openswan-doc-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: db1149909827e98fc74a544447086537e17d72e0f0bf1c21c7254f5af03ab24c
i386
openswan-2.6.24-8.el6_0.1.i686.rpm SHA-256: 55526656f743cf0ce1fc0687e11b72a68125375d97178d90b9ee59c657b4e314
openswan-debuginfo-2.6.24-8.el6_0.1.i686.rpm SHA-256: 60c1448d1d9e7a7aa86f93f8e7d3384234d2a1e7e775cda14d2784524cd3035d
openswan-debuginfo-2.6.24-8.el6_0.1.i686.rpm SHA-256: 60c1448d1d9e7a7aa86f93f8e7d3384234d2a1e7e775cda14d2784524cd3035d
openswan-doc-2.6.24-8.el6_0.1.i686.rpm SHA-256: fa8ec6e86be124c9a7de72d16499c7030784aa9fda2593bb709f1f9465ba6324

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6

SRPM
openswan-2.6.24-8.el6_0.1.src.rpm SHA-256: fd56f81e7f46f5eb914a9c785bca52e4b6e8bf77bb1c4e573624d4d60026b6bc
s390x
openswan-2.6.24-8.el6_0.1.s390x.rpm SHA-256: 3dbcc3730ecf40d77a75407d6a20d60062a7d0593bd8835850c7f53983bb302d
openswan-debuginfo-2.6.24-8.el6_0.1.s390x.rpm SHA-256: 3955877c1c467bb1153e47226896a2ce109bbc559aac0e00760c9b25b20d5e38
openswan-debuginfo-2.6.24-8.el6_0.1.s390x.rpm SHA-256: 3955877c1c467bb1153e47226896a2ce109bbc559aac0e00760c9b25b20d5e38
openswan-doc-2.6.24-8.el6_0.1.s390x.rpm SHA-256: 6b72271e850146a5fd23ee69c9c8355de1508e48b25ec2763242ac0a2ff90838

Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6

SRPM
openswan-2.6.24-8.el6_0.1.src.rpm SHA-256: fd56f81e7f46f5eb914a9c785bca52e4b6e8bf77bb1c4e573624d4d60026b6bc
x86_64
openswan-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: b7f2f53b5b976f372a9072ecad9c327dfbe5026f274708b8f0076a89e34b9467
openswan-debuginfo-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: a00b7cbda30828fd7983d7b44d66f5ab1d237397f62a233c5ad83c9bd9239dc3
openswan-debuginfo-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: a00b7cbda30828fd7983d7b44d66f5ab1d237397f62a233c5ad83c9bd9239dc3
openswan-doc-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: db1149909827e98fc74a544447086537e17d72e0f0bf1c21c7254f5af03ab24c
i386
openswan-2.6.24-8.el6_0.1.i686.rpm SHA-256: 55526656f743cf0ce1fc0687e11b72a68125375d97178d90b9ee59c657b4e314
openswan-debuginfo-2.6.24-8.el6_0.1.i686.rpm SHA-256: 60c1448d1d9e7a7aa86f93f8e7d3384234d2a1e7e775cda14d2784524cd3035d
openswan-debuginfo-2.6.24-8.el6_0.1.i686.rpm SHA-256: 60c1448d1d9e7a7aa86f93f8e7d3384234d2a1e7e775cda14d2784524cd3035d
openswan-doc-2.6.24-8.el6_0.1.i686.rpm SHA-256: fa8ec6e86be124c9a7de72d16499c7030784aa9fda2593bb709f1f9465ba6324

Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) 6

SRPM
openswan-2.6.24-8.el6_0.1.src.rpm SHA-256: fd56f81e7f46f5eb914a9c785bca52e4b6e8bf77bb1c4e573624d4d60026b6bc
s390x
openswan-2.6.24-8.el6_0.1.s390x.rpm SHA-256: 3dbcc3730ecf40d77a75407d6a20d60062a7d0593bd8835850c7f53983bb302d
openswan-debuginfo-2.6.24-8.el6_0.1.s390x.rpm SHA-256: 3955877c1c467bb1153e47226896a2ce109bbc559aac0e00760c9b25b20d5e38
openswan-debuginfo-2.6.24-8.el6_0.1.s390x.rpm SHA-256: 3955877c1c467bb1153e47226896a2ce109bbc559aac0e00760c9b25b20d5e38
openswan-doc-2.6.24-8.el6_0.1.s390x.rpm SHA-256: 6b72271e850146a5fd23ee69c9c8355de1508e48b25ec2763242ac0a2ff90838

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat X (formerly Twitter)

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat, Inc.

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility