Issued:
2020-05-12
Updated:
2020-05-12

RHSA-2020:2070 - Security Advisory

Synopsis

Important: libreswan security update

Type/Severity

Security Advisory: Important

Topic

An update for libreswan is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).

Security Fix(es):

  • libreswan: DoS attack via malicious IKEv1 informational exchange message (CVE-2020-1763)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.2 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.2 x86_64
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
  • Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2 ppc64le
  • Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64

Fixes

  • BZ - 1814541 - CVE-2020-1763 libreswan: DoS attack via malicious IKEv1 informational exchange message

CVEs

References

Red Hat Enterprise Linux for x86_64 8

SRPM
libreswan-3.29-7.el8_2.src.rpm SHA-256: 5e30aa5e829788f7ed60bd15f13b3f1fb3a1b67788997c1cf3069f8f04701f1c
x86_64
libreswan-3.29-7.el8_2.x86_64.rpm SHA-256: a884913431af82e46b0970d8002e774b62dee01569d7036ed851acc72f1ee4d4
libreswan-debuginfo-3.29-7.el8_2.x86_64.rpm SHA-256: bbc697425551207ae14930ff864abe3ba3873b6146f52379f4d018d911449ebc
libreswan-debugsource-3.29-7.el8_2.x86_64.rpm SHA-256: 95cefb2b7ca2d5afb74acbfb436dd71a95ed4dbc8076d756ea503248270495e4

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2

SRPM
libreswan-3.29-7.el8_2.src.rpm SHA-256: 5e30aa5e829788f7ed60bd15f13b3f1fb3a1b67788997c1cf3069f8f04701f1c
x86_64
libreswan-3.29-7.el8_2.x86_64.rpm SHA-256: a884913431af82e46b0970d8002e774b62dee01569d7036ed851acc72f1ee4d4
libreswan-debuginfo-3.29-7.el8_2.x86_64.rpm SHA-256: bbc697425551207ae14930ff864abe3ba3873b6146f52379f4d018d911449ebc
libreswan-debugsource-3.29-7.el8_2.x86_64.rpm SHA-256: 95cefb2b7ca2d5afb74acbfb436dd71a95ed4dbc8076d756ea503248270495e4

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
libreswan-3.29-7.el8_2.src.rpm SHA-256: 5e30aa5e829788f7ed60bd15f13b3f1fb3a1b67788997c1cf3069f8f04701f1c
x86_64
libreswan-3.29-7.el8_2.x86_64.rpm SHA-256: a884913431af82e46b0970d8002e774b62dee01569d7036ed851acc72f1ee4d4
libreswan-debuginfo-3.29-7.el8_2.x86_64.rpm SHA-256: bbc697425551207ae14930ff864abe3ba3873b6146f52379f4d018d911449ebc
libreswan-debugsource-3.29-7.el8_2.x86_64.rpm SHA-256: 95cefb2b7ca2d5afb74acbfb436dd71a95ed4dbc8076d756ea503248270495e4

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
libreswan-3.29-7.el8_2.src.rpm SHA-256: 5e30aa5e829788f7ed60bd15f13b3f1fb3a1b67788997c1cf3069f8f04701f1c
s390x
libreswan-3.29-7.el8_2.s390x.rpm SHA-256: 10409cb6c8c638b92734b514a54b3d60a21f8cff04a374c2c83ddd6872f3c565
libreswan-debuginfo-3.29-7.el8_2.s390x.rpm SHA-256: e92539408101fca162aab6eb51f625d5f87f4fc687ab623c1fe818fa8bf70c8c
libreswan-debugsource-3.29-7.el8_2.s390x.rpm SHA-256: 1e956f99c4b161a603274f51f586ec60affc24ab9b4b02ecab2a337661626398

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2

SRPM
libreswan-3.29-7.el8_2.src.rpm SHA-256: 5e30aa5e829788f7ed60bd15f13b3f1fb3a1b67788997c1cf3069f8f04701f1c
s390x
libreswan-3.29-7.el8_2.s390x.rpm SHA-256: 10409cb6c8c638b92734b514a54b3d60a21f8cff04a374c2c83ddd6872f3c565
libreswan-debuginfo-3.29-7.el8_2.s390x.rpm SHA-256: e92539408101fca162aab6eb51f625d5f87f4fc687ab623c1fe818fa8bf70c8c
libreswan-debugsource-3.29-7.el8_2.s390x.rpm SHA-256: 1e956f99c4b161a603274f51f586ec60affc24ab9b4b02ecab2a337661626398

Red Hat Enterprise Linux for Power, little endian 8

SRPM
libreswan-3.29-7.el8_2.src.rpm SHA-256: 5e30aa5e829788f7ed60bd15f13b3f1fb3a1b67788997c1cf3069f8f04701f1c
ppc64le
libreswan-3.29-7.el8_2.ppc64le.rpm SHA-256: c23be80099d42dc67cc2382163755ea90719761622a342a507bf1af6ad20e0ce
libreswan-debuginfo-3.29-7.el8_2.ppc64le.rpm SHA-256: ffc82e212c343940df62e3754c9d265a00d00c5a4b063f46fe0e8c38944f1f5f
libreswan-debugsource-3.29-7.el8_2.ppc64le.rpm SHA-256: d9c8a8a195d9889a3630411e4caebd9a86dc84cc75a390d8d91e888ae9e3b03c

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2

SRPM
libreswan-3.29-7.el8_2.src.rpm SHA-256: 5e30aa5e829788f7ed60bd15f13b3f1fb3a1b67788997c1cf3069f8f04701f1c
ppc64le
libreswan-3.29-7.el8_2.ppc64le.rpm SHA-256: c23be80099d42dc67cc2382163755ea90719761622a342a507bf1af6ad20e0ce
libreswan-debuginfo-3.29-7.el8_2.ppc64le.rpm SHA-256: ffc82e212c343940df62e3754c9d265a00d00c5a4b063f46fe0e8c38944f1f5f
libreswan-debugsource-3.29-7.el8_2.ppc64le.rpm SHA-256: d9c8a8a195d9889a3630411e4caebd9a86dc84cc75a390d8d91e888ae9e3b03c

Red Hat Enterprise Linux Server - TUS 8.2

SRPM
libreswan-3.29-7.el8_2.src.rpm SHA-256: 5e30aa5e829788f7ed60bd15f13b3f1fb3a1b67788997c1cf3069f8f04701f1c
x86_64
libreswan-3.29-7.el8_2.x86_64.rpm SHA-256: a884913431af82e46b0970d8002e774b62dee01569d7036ed851acc72f1ee4d4
libreswan-debuginfo-3.29-7.el8_2.x86_64.rpm SHA-256: bbc697425551207ae14930ff864abe3ba3873b6146f52379f4d018d911449ebc
libreswan-debugsource-3.29-7.el8_2.x86_64.rpm SHA-256: 95cefb2b7ca2d5afb74acbfb436dd71a95ed4dbc8076d756ea503248270495e4

Red Hat Enterprise Linux for ARM 64 8

SRPM
libreswan-3.29-7.el8_2.src.rpm SHA-256: 5e30aa5e829788f7ed60bd15f13b3f1fb3a1b67788997c1cf3069f8f04701f1c
aarch64
libreswan-3.29-7.el8_2.aarch64.rpm SHA-256: 33a35a55b2610d89bf37cbd808ae135fd10064268560748768f0a573e57aefc0
libreswan-debuginfo-3.29-7.el8_2.aarch64.rpm SHA-256: 8d5b8befe59bd18647eba583c3db7986d4215d89424ce92a46ab3eed4b64917f
libreswan-debugsource-3.29-7.el8_2.aarch64.rpm SHA-256: 32034b1eddb57df935a420a4e650c858327462a2c5a1a5ce358d28f73fc528ef

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2

SRPM
libreswan-3.29-7.el8_2.src.rpm SHA-256: 5e30aa5e829788f7ed60bd15f13b3f1fb3a1b67788997c1cf3069f8f04701f1c
aarch64
libreswan-3.29-7.el8_2.aarch64.rpm SHA-256: 33a35a55b2610d89bf37cbd808ae135fd10064268560748768f0a573e57aefc0
libreswan-debuginfo-3.29-7.el8_2.aarch64.rpm SHA-256: 8d5b8befe59bd18647eba583c3db7986d4215d89424ce92a46ab3eed4b64917f
libreswan-debugsource-3.29-7.el8_2.aarch64.rpm SHA-256: 32034b1eddb57df935a420a4e650c858327462a2c5a1a5ce358d28f73fc528ef

Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2

SRPM
libreswan-3.29-7.el8_2.src.rpm SHA-256: 5e30aa5e829788f7ed60bd15f13b3f1fb3a1b67788997c1cf3069f8f04701f1c
ppc64le
libreswan-3.29-7.el8_2.ppc64le.rpm SHA-256: c23be80099d42dc67cc2382163755ea90719761622a342a507bf1af6ad20e0ce
libreswan-debuginfo-3.29-7.el8_2.ppc64le.rpm SHA-256: ffc82e212c343940df62e3754c9d265a00d00c5a4b063f46fe0e8c38944f1f5f
libreswan-debugsource-3.29-7.el8_2.ppc64le.rpm SHA-256: d9c8a8a195d9889a3630411e4caebd9a86dc84cc75a390d8d91e888ae9e3b03c

Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2

SRPM
libreswan-3.29-7.el8_2.src.rpm SHA-256: 5e30aa5e829788f7ed60bd15f13b3f1fb3a1b67788997c1cf3069f8f04701f1c
x86_64
libreswan-3.29-7.el8_2.x86_64.rpm SHA-256: a884913431af82e46b0970d8002e774b62dee01569d7036ed851acc72f1ee4d4
libreswan-debuginfo-3.29-7.el8_2.x86_64.rpm SHA-256: bbc697425551207ae14930ff864abe3ba3873b6146f52379f4d018d911449ebc
libreswan-debugsource-3.29-7.el8_2.x86_64.rpm SHA-256: 95cefb2b7ca2d5afb74acbfb436dd71a95ed4dbc8076d756ea503248270495e4

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.