Issued:: 2020-05-12
Updated:: 2020-05-12

RHSA-2020:2069 - Security Advisory

Overview
Updated Packages

Synopsis

Important: libreswan security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libreswan is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).

Security Fix(es):

libreswan: DoS attack via malicious IKEv1 informational exchange message (CVE-2020-1763)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.0 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.0 x86_64

Fixes

BZ - 1814541 - CVE-2020-1763 libreswan: DoS attack via malicious IKEv1 informational exchange message

CVEs

CVE-2020-1763

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.0

SRPM
libreswan-3.27-10.el8_0.src.rpm	SHA-256: 31dbcaa44035c07912f7b64e21d7df650bfd958e22c1e0d9c74b07fad57f4974
ppc64le
libreswan-3.27-10.el8_0.ppc64le.rpm	SHA-256: 6191a246a0f50dcd06456ec24590f8eac757bd12b3e1f7a358a4ce979d4c76a3
libreswan-debuginfo-3.27-10.el8_0.ppc64le.rpm	SHA-256: 5d272cf3ce7e91ccb4367a1f3236b5ccfca35368afbb0767239935c6cb1ecb65
libreswan-debugsource-3.27-10.el8_0.ppc64le.rpm	SHA-256: 2cc1bda745bcab43119257c7267885728955fcdfc244a184e2ffaa1c50fa7766

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.0

SRPM
libreswan-3.27-10.el8_0.src.rpm	SHA-256: 31dbcaa44035c07912f7b64e21d7df650bfd958e22c1e0d9c74b07fad57f4974
x86_64
libreswan-3.27-10.el8_0.x86_64.rpm	SHA-256: c6a22fb647feb1d225bc8bb30ebb476f645a2137968c23234af21c74d6745100
libreswan-debuginfo-3.27-10.el8_0.x86_64.rpm	SHA-256: 46ea65ba39f26d6c93be09465634d85715a51ad94831a7ced93c206d7c4fa021
libreswan-debugsource-3.27-10.el8_0.x86_64.rpm	SHA-256: 51dfee6a87c96887d8053c1eb234145e1a4899a28a084bc08dd8c2abe41a2c01

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation