Red Hat Product Errata RHSA-2010:0892 - Security Advisory
Issued:
2010-11-16
Updated:
2010-11-16

RHSA-2010:0892 - Security Advisory

Synopsis

Moderate: openswan security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated openswan packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Description

Openswan is a free implementation of Internet Protocol Security (IPsec)
and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide
both authentication and encryption services. These services allow you to
build secure tunnels through untrusted networks.

Two buffer overflow flaws were found in the Openswan client-side XAUTH
handling code used when connecting to certain Cisco gateways. A malicious
or compromised VPN gateway could use these flaws to execute arbitrary code
on the connecting Openswan client. (CVE-2010-3302, CVE-2010-3308)

Two input sanitization flaws were found in the Openswan client-side
handling of Cisco gateway banners. A malicious or compromised VPN gateway
could use these flaws to execute arbitrary code on the connecting Openswan
client. (CVE-2010-3752, CVE-2010-3753)

Red Hat would like to thank the Openswan project for reporting these
issues. Upstream acknowledges D. Hugh Redelmeier and Paul Wouters as the
original reporters.

All users of openswan are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. After installing
this update, the ipsec service will be restarted automatically.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux for IBM z Systems 6 s390x
  • Red Hat Enterprise Linux for Power, big endian 6 ppc64
  • Red Hat Enterprise Linux Server from RHUI 6 x86_64
  • Red Hat Enterprise Linux Server from RHUI 6 i386
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 i386
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) 6 s390x

Fixes

  • BZ - 634264 - CVE-2010-3302 openswan: buffer overflow vulnerability in XAUTH client-side support
  • BZ - 637924 - CVE-2010-3308 Openswan cisco banner option handling vulnerability
  • BZ - 640711 - CVE-2010-3752 Openswan: Gateway arbitrary code execution via shell metacharacters in cisco_dns_info or cisco_domain_info data in packet
  • BZ - 640715 - CVE-2010-3753 Openswan: Gateway arbitrary execution via shell metacharacters in the cisco_banner

Red Hat Enterprise Linux Server 6

SRPM
openswan-2.6.24-8.el6_0.1.src.rpm SHA-256: fd56f81e7f46f5eb914a9c785bca52e4b6e8bf77bb1c4e573624d4d60026b6bc
x86_64
openswan-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: b7f2f53b5b976f372a9072ecad9c327dfbe5026f274708b8f0076a89e34b9467
openswan-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: b7f2f53b5b976f372a9072ecad9c327dfbe5026f274708b8f0076a89e34b9467
openswan-debuginfo-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: a00b7cbda30828fd7983d7b44d66f5ab1d237397f62a233c5ad83c9bd9239dc3
openswan-debuginfo-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: a00b7cbda30828fd7983d7b44d66f5ab1d237397f62a233c5ad83c9bd9239dc3
openswan-debuginfo-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: a00b7cbda30828fd7983d7b44d66f5ab1d237397f62a233c5ad83c9bd9239dc3
openswan-doc-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: db1149909827e98fc74a544447086537e17d72e0f0bf1c21c7254f5af03ab24c
openswan-doc-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: db1149909827e98fc74a544447086537e17d72e0f0bf1c21c7254f5af03ab24c
i386
openswan-2.6.24-8.el6_0.1.i686.rpm SHA-256: 55526656f743cf0ce1fc0687e11b72a68125375d97178d90b9ee59c657b4e314
openswan-debuginfo-2.6.24-8.el6_0.1.i686.rpm SHA-256: 60c1448d1d9e7a7aa86f93f8e7d3384234d2a1e7e775cda14d2784524cd3035d
openswan-debuginfo-2.6.24-8.el6_0.1.i686.rpm SHA-256: 60c1448d1d9e7a7aa86f93f8e7d3384234d2a1e7e775cda14d2784524cd3035d
openswan-doc-2.6.24-8.el6_0.1.i686.rpm SHA-256: fa8ec6e86be124c9a7de72d16499c7030784aa9fda2593bb709f1f9465ba6324

Red Hat Enterprise Linux Server - Extended Life Cycle Support 6

SRPM
openswan-2.6.24-8.el6_0.1.src.rpm SHA-256: fd56f81e7f46f5eb914a9c785bca52e4b6e8bf77bb1c4e573624d4d60026b6bc
x86_64
openswan-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: b7f2f53b5b976f372a9072ecad9c327dfbe5026f274708b8f0076a89e34b9467
openswan-debuginfo-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: a00b7cbda30828fd7983d7b44d66f5ab1d237397f62a233c5ad83c9bd9239dc3
openswan-debuginfo-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: a00b7cbda30828fd7983d7b44d66f5ab1d237397f62a233c5ad83c9bd9239dc3
openswan-doc-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: db1149909827e98fc74a544447086537e17d72e0f0bf1c21c7254f5af03ab24c
i386
openswan-2.6.24-8.el6_0.1.i686.rpm SHA-256: 55526656f743cf0ce1fc0687e11b72a68125375d97178d90b9ee59c657b4e314
openswan-debuginfo-2.6.24-8.el6_0.1.i686.rpm SHA-256: 60c1448d1d9e7a7aa86f93f8e7d3384234d2a1e7e775cda14d2784524cd3035d
openswan-debuginfo-2.6.24-8.el6_0.1.i686.rpm SHA-256: 60c1448d1d9e7a7aa86f93f8e7d3384234d2a1e7e775cda14d2784524cd3035d
openswan-doc-2.6.24-8.el6_0.1.i686.rpm SHA-256: fa8ec6e86be124c9a7de72d16499c7030784aa9fda2593bb709f1f9465ba6324

Red Hat Enterprise Linux Workstation 6

SRPM
openswan-2.6.24-8.el6_0.1.src.rpm SHA-256: fd56f81e7f46f5eb914a9c785bca52e4b6e8bf77bb1c4e573624d4d60026b6bc
x86_64
openswan-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: b7f2f53b5b976f372a9072ecad9c327dfbe5026f274708b8f0076a89e34b9467
openswan-debuginfo-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: a00b7cbda30828fd7983d7b44d66f5ab1d237397f62a233c5ad83c9bd9239dc3
openswan-debuginfo-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: a00b7cbda30828fd7983d7b44d66f5ab1d237397f62a233c5ad83c9bd9239dc3
openswan-doc-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: db1149909827e98fc74a544447086537e17d72e0f0bf1c21c7254f5af03ab24c
i386
openswan-2.6.24-8.el6_0.1.i686.rpm SHA-256: 55526656f743cf0ce1fc0687e11b72a68125375d97178d90b9ee59c657b4e314
openswan-debuginfo-2.6.24-8.el6_0.1.i686.rpm SHA-256: 60c1448d1d9e7a7aa86f93f8e7d3384234d2a1e7e775cda14d2784524cd3035d
openswan-debuginfo-2.6.24-8.el6_0.1.i686.rpm SHA-256: 60c1448d1d9e7a7aa86f93f8e7d3384234d2a1e7e775cda14d2784524cd3035d
openswan-doc-2.6.24-8.el6_0.1.i686.rpm SHA-256: fa8ec6e86be124c9a7de72d16499c7030784aa9fda2593bb709f1f9465ba6324

Red Hat Enterprise Linux Desktop 6

SRPM
openswan-2.6.24-8.el6_0.1.src.rpm SHA-256: fd56f81e7f46f5eb914a9c785bca52e4b6e8bf77bb1c4e573624d4d60026b6bc
x86_64
openswan-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: b7f2f53b5b976f372a9072ecad9c327dfbe5026f274708b8f0076a89e34b9467
openswan-debuginfo-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: a00b7cbda30828fd7983d7b44d66f5ab1d237397f62a233c5ad83c9bd9239dc3
openswan-debuginfo-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: a00b7cbda30828fd7983d7b44d66f5ab1d237397f62a233c5ad83c9bd9239dc3
openswan-doc-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: db1149909827e98fc74a544447086537e17d72e0f0bf1c21c7254f5af03ab24c
i386
openswan-2.6.24-8.el6_0.1.i686.rpm SHA-256: 55526656f743cf0ce1fc0687e11b72a68125375d97178d90b9ee59c657b4e314
openswan-debuginfo-2.6.24-8.el6_0.1.i686.rpm SHA-256: 60c1448d1d9e7a7aa86f93f8e7d3384234d2a1e7e775cda14d2784524cd3035d
openswan-debuginfo-2.6.24-8.el6_0.1.i686.rpm SHA-256: 60c1448d1d9e7a7aa86f93f8e7d3384234d2a1e7e775cda14d2784524cd3035d
openswan-doc-2.6.24-8.el6_0.1.i686.rpm SHA-256: fa8ec6e86be124c9a7de72d16499c7030784aa9fda2593bb709f1f9465ba6324

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
openswan-2.6.24-8.el6_0.1.src.rpm SHA-256: fd56f81e7f46f5eb914a9c785bca52e4b6e8bf77bb1c4e573624d4d60026b6bc
s390x
openswan-2.6.24-8.el6_0.1.s390x.rpm SHA-256: 3dbcc3730ecf40d77a75407d6a20d60062a7d0593bd8835850c7f53983bb302d
openswan-debuginfo-2.6.24-8.el6_0.1.s390x.rpm SHA-256: 3955877c1c467bb1153e47226896a2ce109bbc559aac0e00760c9b25b20d5e38
openswan-debuginfo-2.6.24-8.el6_0.1.s390x.rpm SHA-256: 3955877c1c467bb1153e47226896a2ce109bbc559aac0e00760c9b25b20d5e38
openswan-doc-2.6.24-8.el6_0.1.s390x.rpm SHA-256: 6b72271e850146a5fd23ee69c9c8355de1508e48b25ec2763242ac0a2ff90838

Red Hat Enterprise Linux for Power, big endian 6

SRPM
openswan-2.6.24-8.el6_0.1.src.rpm SHA-256: fd56f81e7f46f5eb914a9c785bca52e4b6e8bf77bb1c4e573624d4d60026b6bc
ppc64
openswan-2.6.24-8.el6_0.1.ppc64.rpm SHA-256: 43090f57f4c1385da58e54ec56a5f3bfce5f9d1102ed3946e3d369122fdcf7df
openswan-debuginfo-2.6.24-8.el6_0.1.ppc64.rpm SHA-256: 900a11e3ca52c09e8cd67e6a930c96650166e6565b7152e1d5d8b992685f9078
openswan-debuginfo-2.6.24-8.el6_0.1.ppc64.rpm SHA-256: 900a11e3ca52c09e8cd67e6a930c96650166e6565b7152e1d5d8b992685f9078
openswan-doc-2.6.24-8.el6_0.1.ppc64.rpm SHA-256: 16d37cec3df4112aea6a6beac78db2c82c2722021cc12f1cc657b903983e2d4f

Red Hat Enterprise Linux Server from RHUI 6

SRPM
openswan-2.6.24-8.el6_0.1.src.rpm SHA-256: fd56f81e7f46f5eb914a9c785bca52e4b6e8bf77bb1c4e573624d4d60026b6bc
x86_64
openswan-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: b7f2f53b5b976f372a9072ecad9c327dfbe5026f274708b8f0076a89e34b9467
openswan-debuginfo-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: a00b7cbda30828fd7983d7b44d66f5ab1d237397f62a233c5ad83c9bd9239dc3
openswan-debuginfo-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: a00b7cbda30828fd7983d7b44d66f5ab1d237397f62a233c5ad83c9bd9239dc3
openswan-doc-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: db1149909827e98fc74a544447086537e17d72e0f0bf1c21c7254f5af03ab24c
i386
openswan-2.6.24-8.el6_0.1.i686.rpm SHA-256: 55526656f743cf0ce1fc0687e11b72a68125375d97178d90b9ee59c657b4e314
openswan-debuginfo-2.6.24-8.el6_0.1.i686.rpm SHA-256: 60c1448d1d9e7a7aa86f93f8e7d3384234d2a1e7e775cda14d2784524cd3035d
openswan-debuginfo-2.6.24-8.el6_0.1.i686.rpm SHA-256: 60c1448d1d9e7a7aa86f93f8e7d3384234d2a1e7e775cda14d2784524cd3035d
openswan-doc-2.6.24-8.el6_0.1.i686.rpm SHA-256: fa8ec6e86be124c9a7de72d16499c7030784aa9fda2593bb709f1f9465ba6324

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6

SRPM
openswan-2.6.24-8.el6_0.1.src.rpm SHA-256: fd56f81e7f46f5eb914a9c785bca52e4b6e8bf77bb1c4e573624d4d60026b6bc
s390x
openswan-2.6.24-8.el6_0.1.s390x.rpm SHA-256: 3dbcc3730ecf40d77a75407d6a20d60062a7d0593bd8835850c7f53983bb302d
openswan-debuginfo-2.6.24-8.el6_0.1.s390x.rpm SHA-256: 3955877c1c467bb1153e47226896a2ce109bbc559aac0e00760c9b25b20d5e38
openswan-debuginfo-2.6.24-8.el6_0.1.s390x.rpm SHA-256: 3955877c1c467bb1153e47226896a2ce109bbc559aac0e00760c9b25b20d5e38
openswan-doc-2.6.24-8.el6_0.1.s390x.rpm SHA-256: 6b72271e850146a5fd23ee69c9c8355de1508e48b25ec2763242ac0a2ff90838

Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6

SRPM
openswan-2.6.24-8.el6_0.1.src.rpm SHA-256: fd56f81e7f46f5eb914a9c785bca52e4b6e8bf77bb1c4e573624d4d60026b6bc
x86_64
openswan-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: b7f2f53b5b976f372a9072ecad9c327dfbe5026f274708b8f0076a89e34b9467
openswan-debuginfo-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: a00b7cbda30828fd7983d7b44d66f5ab1d237397f62a233c5ad83c9bd9239dc3
openswan-debuginfo-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: a00b7cbda30828fd7983d7b44d66f5ab1d237397f62a233c5ad83c9bd9239dc3
openswan-doc-2.6.24-8.el6_0.1.x86_64.rpm SHA-256: db1149909827e98fc74a544447086537e17d72e0f0bf1c21c7254f5af03ab24c
i386
openswan-2.6.24-8.el6_0.1.i686.rpm SHA-256: 55526656f743cf0ce1fc0687e11b72a68125375d97178d90b9ee59c657b4e314
openswan-debuginfo-2.6.24-8.el6_0.1.i686.rpm SHA-256: 60c1448d1d9e7a7aa86f93f8e7d3384234d2a1e7e775cda14d2784524cd3035d
openswan-debuginfo-2.6.24-8.el6_0.1.i686.rpm SHA-256: 60c1448d1d9e7a7aa86f93f8e7d3384234d2a1e7e775cda14d2784524cd3035d
openswan-doc-2.6.24-8.el6_0.1.i686.rpm SHA-256: fa8ec6e86be124c9a7de72d16499c7030784aa9fda2593bb709f1f9465ba6324

Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) 6

SRPM
openswan-2.6.24-8.el6_0.1.src.rpm SHA-256: fd56f81e7f46f5eb914a9c785bca52e4b6e8bf77bb1c4e573624d4d60026b6bc
s390x
openswan-2.6.24-8.el6_0.1.s390x.rpm SHA-256: 3dbcc3730ecf40d77a75407d6a20d60062a7d0593bd8835850c7f53983bb302d
openswan-debuginfo-2.6.24-8.el6_0.1.s390x.rpm SHA-256: 3955877c1c467bb1153e47226896a2ce109bbc559aac0e00760c9b25b20d5e38
openswan-debuginfo-2.6.24-8.el6_0.1.s390x.rpm SHA-256: 3955877c1c467bb1153e47226896a2ce109bbc559aac0e00760c9b25b20d5e38
openswan-doc-2.6.24-8.el6_0.1.s390x.rpm SHA-256: 6b72271e850146a5fd23ee69c9c8355de1508e48b25ec2763242ac0a2ff90838

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.