Red Hat Product Errata RHSA-2011:1356 - Security Advisory

Issued:: 2011-10-05
Updated:: 2011-10-05

RHSA-2011:1356 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: openswan security update

Type/Severity

Security Advisory: Moderate

Topic

Updated openswan packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Description

Openswan is a free implementation of Internet Protocol Security (IPsec)
and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide
both authentication and encryption services. These services allow you to
build secure tunnels through untrusted networks.

A NULL pointer dereference flaw was found in the way Openswan's pluto IKE
daemon handled certain error conditions. A remote, unauthenticated attacker
could send a specially-crafted IKE packet that would crash the pluto
daemon. (CVE-2011-3380)

Red Hat would like to thank the Openswan project for reporting this issue.
Upstream acknowledges Paul Wouters as the original reporter.

All users of openswan are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. After installing
this update, the ipsec service will be restarted automatically.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Affected Products

Red Hat Enterprise Linux Server 6 x86_64
Red Hat Enterprise Linux Server 6 i386
Red Hat Enterprise Linux for x86_64 - Extended Update Support 6.1 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 6.1 i386
Red Hat Enterprise Linux Workstation 6 x86_64
Red Hat Enterprise Linux Workstation 6 i386
Red Hat Enterprise Linux Desktop 6 x86_64
Red Hat Enterprise Linux Desktop 6 i386
Red Hat Enterprise Linux for IBM z Systems 6 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 6.1 s390x
Red Hat Enterprise Linux for Power, big endian 6 ppc64
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 6.1 ppc64
Red Hat Enterprise Linux Server from RHUI 6 x86_64
Red Hat Enterprise Linux Server from RHUI 6 i386
Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.1 x86_64
Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.1 i386
Red Hat Virtual Storage Appliance (from RHUI) 6.1 x86_64

Fixes

BZ - 742065 - CVE-2011-3380 openswan: IKE invalid key length allows remote unauthenticated user to crash openswan

CVEs

CVE-2011-3380

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 6

SRPM
openswan-2.6.32-4.el6_1.2.src.rpm	SHA-256: 1f56ab2688954b0c873c8694398e49940e357eb42e5325d61fed71490ce9853f
x86_64
openswan-2.6.32-4.el6_1.2.x86_64.rpm	SHA-256: aa7e87d3fc455e6f4d33b3e2982a41f959d6bda4dba1eb2657c117c3f819625d
openswan-debuginfo-2.6.32-4.el6_1.2.x86_64.rpm	SHA-256: 6be7626031d0aaf7a12d380a303e98fc79116f54b9f830ac3acb5f329941b1b8
openswan-debuginfo-2.6.32-4.el6_1.2.x86_64.rpm	SHA-256: 6be7626031d0aaf7a12d380a303e98fc79116f54b9f830ac3acb5f329941b1b8
openswan-doc-2.6.32-4.el6_1.2.x86_64.rpm	SHA-256: 6f20e57e53351eab44e10ff7eec3a0aadc8024970cef56dd14157630c282a069
i386
openswan-2.6.32-4.el6_1.2.i686.rpm	SHA-256: efe3ca0bece39191d4d605a5b0bbec176f21a98851fef53f404b07c97bf2a863
openswan-debuginfo-2.6.32-4.el6_1.2.i686.rpm	SHA-256: 2d46817831b1ce4a4e9baa1e4eb69697cd86f7b4eda3762d39413af627a98d74
openswan-debuginfo-2.6.32-4.el6_1.2.i686.rpm	SHA-256: 2d46817831b1ce4a4e9baa1e4eb69697cd86f7b4eda3762d39413af627a98d74
openswan-doc-2.6.32-4.el6_1.2.i686.rpm	SHA-256: 19ed46dd71e0b6376a81911ae428da448c6c3c458f98e3d85d86c948976aec50

Red Hat Enterprise Linux for x86_64 - Extended Update Support 6.1

SRPM
openswan-2.6.32-4.el6_1.2.src.rpm	SHA-256: 1f56ab2688954b0c873c8694398e49940e357eb42e5325d61fed71490ce9853f
x86_64
openswan-2.6.32-4.el6_1.2.x86_64.rpm	SHA-256: aa7e87d3fc455e6f4d33b3e2982a41f959d6bda4dba1eb2657c117c3f819625d
openswan-debuginfo-2.6.32-4.el6_1.2.x86_64.rpm	SHA-256: 6be7626031d0aaf7a12d380a303e98fc79116f54b9f830ac3acb5f329941b1b8
openswan-debuginfo-2.6.32-4.el6_1.2.x86_64.rpm	SHA-256: 6be7626031d0aaf7a12d380a303e98fc79116f54b9f830ac3acb5f329941b1b8
openswan-doc-2.6.32-4.el6_1.2.x86_64.rpm	SHA-256: 6f20e57e53351eab44e10ff7eec3a0aadc8024970cef56dd14157630c282a069
i386
openswan-2.6.32-4.el6_1.2.i686.rpm	SHA-256: efe3ca0bece39191d4d605a5b0bbec176f21a98851fef53f404b07c97bf2a863
openswan-debuginfo-2.6.32-4.el6_1.2.i686.rpm	SHA-256: 2d46817831b1ce4a4e9baa1e4eb69697cd86f7b4eda3762d39413af627a98d74
openswan-debuginfo-2.6.32-4.el6_1.2.i686.rpm	SHA-256: 2d46817831b1ce4a4e9baa1e4eb69697cd86f7b4eda3762d39413af627a98d74
openswan-doc-2.6.32-4.el6_1.2.i686.rpm	SHA-256: 19ed46dd71e0b6376a81911ae428da448c6c3c458f98e3d85d86c948976aec50

Red Hat Enterprise Linux Workstation 6

SRPM
openswan-2.6.32-4.el6_1.2.src.rpm	SHA-256: 1f56ab2688954b0c873c8694398e49940e357eb42e5325d61fed71490ce9853f
x86_64
openswan-2.6.32-4.el6_1.2.x86_64.rpm	SHA-256: aa7e87d3fc455e6f4d33b3e2982a41f959d6bda4dba1eb2657c117c3f819625d
openswan-debuginfo-2.6.32-4.el6_1.2.x86_64.rpm	SHA-256: 6be7626031d0aaf7a12d380a303e98fc79116f54b9f830ac3acb5f329941b1b8
openswan-debuginfo-2.6.32-4.el6_1.2.x86_64.rpm	SHA-256: 6be7626031d0aaf7a12d380a303e98fc79116f54b9f830ac3acb5f329941b1b8
openswan-doc-2.6.32-4.el6_1.2.x86_64.rpm	SHA-256: 6f20e57e53351eab44e10ff7eec3a0aadc8024970cef56dd14157630c282a069
i386
openswan-2.6.32-4.el6_1.2.i686.rpm	SHA-256: efe3ca0bece39191d4d605a5b0bbec176f21a98851fef53f404b07c97bf2a863
openswan-debuginfo-2.6.32-4.el6_1.2.i686.rpm	SHA-256: 2d46817831b1ce4a4e9baa1e4eb69697cd86f7b4eda3762d39413af627a98d74
openswan-debuginfo-2.6.32-4.el6_1.2.i686.rpm	SHA-256: 2d46817831b1ce4a4e9baa1e4eb69697cd86f7b4eda3762d39413af627a98d74
openswan-doc-2.6.32-4.el6_1.2.i686.rpm	SHA-256: 19ed46dd71e0b6376a81911ae428da448c6c3c458f98e3d85d86c948976aec50

Red Hat Enterprise Linux Desktop 6

SRPM
openswan-2.6.32-4.el6_1.2.src.rpm	SHA-256: 1f56ab2688954b0c873c8694398e49940e357eb42e5325d61fed71490ce9853f
x86_64
openswan-2.6.32-4.el6_1.2.x86_64.rpm	SHA-256: aa7e87d3fc455e6f4d33b3e2982a41f959d6bda4dba1eb2657c117c3f819625d
openswan-debuginfo-2.6.32-4.el6_1.2.x86_64.rpm	SHA-256: 6be7626031d0aaf7a12d380a303e98fc79116f54b9f830ac3acb5f329941b1b8
openswan-debuginfo-2.6.32-4.el6_1.2.x86_64.rpm	SHA-256: 6be7626031d0aaf7a12d380a303e98fc79116f54b9f830ac3acb5f329941b1b8
openswan-doc-2.6.32-4.el6_1.2.x86_64.rpm	SHA-256: 6f20e57e53351eab44e10ff7eec3a0aadc8024970cef56dd14157630c282a069
i386
openswan-2.6.32-4.el6_1.2.i686.rpm	SHA-256: efe3ca0bece39191d4d605a5b0bbec176f21a98851fef53f404b07c97bf2a863
openswan-debuginfo-2.6.32-4.el6_1.2.i686.rpm	SHA-256: 2d46817831b1ce4a4e9baa1e4eb69697cd86f7b4eda3762d39413af627a98d74
openswan-debuginfo-2.6.32-4.el6_1.2.i686.rpm	SHA-256: 2d46817831b1ce4a4e9baa1e4eb69697cd86f7b4eda3762d39413af627a98d74
openswan-doc-2.6.32-4.el6_1.2.i686.rpm	SHA-256: 19ed46dd71e0b6376a81911ae428da448c6c3c458f98e3d85d86c948976aec50

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
openswan-2.6.32-4.el6_1.2.src.rpm	SHA-256: 1f56ab2688954b0c873c8694398e49940e357eb42e5325d61fed71490ce9853f
s390x
openswan-2.6.32-4.el6_1.2.s390x.rpm	SHA-256: a23997a758743ee37826bd8e49c386d91eae52d93a8f04c7a12046176a3a0d93
openswan-debuginfo-2.6.32-4.el6_1.2.s390x.rpm	SHA-256: 2481afe8ef02d24ac55e4d951f0a5a162f4431ca196cc5914bb832247833e5b3
openswan-debuginfo-2.6.32-4.el6_1.2.s390x.rpm	SHA-256: 2481afe8ef02d24ac55e4d951f0a5a162f4431ca196cc5914bb832247833e5b3
openswan-doc-2.6.32-4.el6_1.2.s390x.rpm	SHA-256: b2a2415c5aa63c424880db2358c272a6d8afcc9a0257c7c25c3fb9a9b089fcc5

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 6.1

SRPM
openswan-2.6.32-4.el6_1.2.src.rpm	SHA-256: 1f56ab2688954b0c873c8694398e49940e357eb42e5325d61fed71490ce9853f
s390x
openswan-2.6.32-4.el6_1.2.s390x.rpm	SHA-256: a23997a758743ee37826bd8e49c386d91eae52d93a8f04c7a12046176a3a0d93
openswan-debuginfo-2.6.32-4.el6_1.2.s390x.rpm	SHA-256: 2481afe8ef02d24ac55e4d951f0a5a162f4431ca196cc5914bb832247833e5b3
openswan-debuginfo-2.6.32-4.el6_1.2.s390x.rpm	SHA-256: 2481afe8ef02d24ac55e4d951f0a5a162f4431ca196cc5914bb832247833e5b3
openswan-doc-2.6.32-4.el6_1.2.s390x.rpm	SHA-256: b2a2415c5aa63c424880db2358c272a6d8afcc9a0257c7c25c3fb9a9b089fcc5

Red Hat Enterprise Linux for Power, big endian 6

SRPM
openswan-2.6.32-4.el6_1.2.src.rpm	SHA-256: 1f56ab2688954b0c873c8694398e49940e357eb42e5325d61fed71490ce9853f
ppc64
openswan-2.6.32-4.el6_1.2.ppc64.rpm	SHA-256: 9666c2143bfcdf84fb035c5bc04f71c28d94d44aa91ed890d7b94a403ee05bea
openswan-debuginfo-2.6.32-4.el6_1.2.ppc64.rpm	SHA-256: ece45739d4a4d3f70818aadbe203960d6ca40fc1b3fae9a3490bbc86dcca547c
openswan-debuginfo-2.6.32-4.el6_1.2.ppc64.rpm	SHA-256: ece45739d4a4d3f70818aadbe203960d6ca40fc1b3fae9a3490bbc86dcca547c
openswan-doc-2.6.32-4.el6_1.2.ppc64.rpm	SHA-256: e8f068bf9bcd92963baa6b72a38130de40001e245327f08d4b69e5e873b4cb31

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 6.1

SRPM
openswan-2.6.32-4.el6_1.2.src.rpm	SHA-256: 1f56ab2688954b0c873c8694398e49940e357eb42e5325d61fed71490ce9853f
ppc64
openswan-2.6.32-4.el6_1.2.ppc64.rpm	SHA-256: 9666c2143bfcdf84fb035c5bc04f71c28d94d44aa91ed890d7b94a403ee05bea
openswan-debuginfo-2.6.32-4.el6_1.2.ppc64.rpm	SHA-256: ece45739d4a4d3f70818aadbe203960d6ca40fc1b3fae9a3490bbc86dcca547c
openswan-debuginfo-2.6.32-4.el6_1.2.ppc64.rpm	SHA-256: ece45739d4a4d3f70818aadbe203960d6ca40fc1b3fae9a3490bbc86dcca547c
openswan-doc-2.6.32-4.el6_1.2.ppc64.rpm	SHA-256: e8f068bf9bcd92963baa6b72a38130de40001e245327f08d4b69e5e873b4cb31

Red Hat Enterprise Linux Server from RHUI 6

SRPM
openswan-2.6.32-4.el6_1.2.src.rpm	SHA-256: 1f56ab2688954b0c873c8694398e49940e357eb42e5325d61fed71490ce9853f
x86_64
openswan-2.6.32-4.el6_1.2.x86_64.rpm	SHA-256: aa7e87d3fc455e6f4d33b3e2982a41f959d6bda4dba1eb2657c117c3f819625d
openswan-debuginfo-2.6.32-4.el6_1.2.x86_64.rpm	SHA-256: 6be7626031d0aaf7a12d380a303e98fc79116f54b9f830ac3acb5f329941b1b8
openswan-debuginfo-2.6.32-4.el6_1.2.x86_64.rpm	SHA-256: 6be7626031d0aaf7a12d380a303e98fc79116f54b9f830ac3acb5f329941b1b8
openswan-doc-2.6.32-4.el6_1.2.x86_64.rpm	SHA-256: 6f20e57e53351eab44e10ff7eec3a0aadc8024970cef56dd14157630c282a069
i386
openswan-2.6.32-4.el6_1.2.i686.rpm	SHA-256: efe3ca0bece39191d4d605a5b0bbec176f21a98851fef53f404b07c97bf2a863
openswan-debuginfo-2.6.32-4.el6_1.2.i686.rpm	SHA-256: 2d46817831b1ce4a4e9baa1e4eb69697cd86f7b4eda3762d39413af627a98d74
openswan-debuginfo-2.6.32-4.el6_1.2.i686.rpm	SHA-256: 2d46817831b1ce4a4e9baa1e4eb69697cd86f7b4eda3762d39413af627a98d74
openswan-doc-2.6.32-4.el6_1.2.i686.rpm	SHA-256: 19ed46dd71e0b6376a81911ae428da448c6c3c458f98e3d85d86c948976aec50

Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.1

SRPM
openswan-2.6.32-4.el6_1.2.src.rpm	SHA-256: 1f56ab2688954b0c873c8694398e49940e357eb42e5325d61fed71490ce9853f
x86_64
openswan-2.6.32-4.el6_1.2.x86_64.rpm	SHA-256: aa7e87d3fc455e6f4d33b3e2982a41f959d6bda4dba1eb2657c117c3f819625d
openswan-debuginfo-2.6.32-4.el6_1.2.x86_64.rpm	SHA-256: 6be7626031d0aaf7a12d380a303e98fc79116f54b9f830ac3acb5f329941b1b8
i386
openswan-2.6.32-4.el6_1.2.i686.rpm	SHA-256: efe3ca0bece39191d4d605a5b0bbec176f21a98851fef53f404b07c97bf2a863
openswan-debuginfo-2.6.32-4.el6_1.2.i686.rpm	SHA-256: 2d46817831b1ce4a4e9baa1e4eb69697cd86f7b4eda3762d39413af627a98d74

Red Hat Virtual Storage Appliance (from RHUI) 6.1

SRPM
openswan-2.6.32-4.el6_1.2.src.rpm	SHA-256: 1f56ab2688954b0c873c8694398e49940e357eb42e5325d61fed71490ce9853f
x86_64
openswan-2.6.32-4.el6_1.2.x86_64.rpm	SHA-256: aa7e87d3fc455e6f4d33b3e2982a41f959d6bda4dba1eb2657c117c3f819625d
openswan-debuginfo-2.6.32-4.el6_1.2.x86_64.rpm	SHA-256: 6be7626031d0aaf7a12d380a303e98fc79116f54b9f830ac3acb5f329941b1b8

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories