From Secunia security advisory at $URL:

Description: The vulnerability is caused due to a use-after-free error related to the crypto helper handler, which can be exploited to crash the IKE daemon by passing specially crafted ISAKMP phase 1 authentication. The vulnerability is reported in versions 2.3.0 through 2.6.36 (configured with nhelpers=0).

Solution: Update to version 2.6.37 or apply patch.
Atm I set to B3 because I don't know if nhelpers=0 is a default configuration or not. Anyway, there is no big difference between B3 and C3.
net-misc/openswan-2.6.37 has been submitted to the tree
Thanks. Arches, please test and mark stable:
=net-misc/openswan-2.6.37
target KEYWORDS: "amd64 x86"
@mrness, is a compile test enough, or is something else required?
I've tested it myself in an L2TP setup; a simple compile test should be enough.
x86 stable
amd64 ok
amd64: just a minor QA issue;

 * QA Notice: Package has poor programming practices which may compile
 * fine but exhibit random runtime failures.
 * ikeping.c:257:9: warning: dereferencing type-punned pointer will break strict-aliasing rules
 * ikeping.c:259:9: warning: dereferencing type-punned pointer will break strict-aliasing rules
 * Please do not file a Gentoo bug and instead report the above QA
 * issues directly to the upstream developers of this software.

otherwise all aok
+ 10 Nov 2011; Tony Vroon <chainsaw@gentoo.org> openswan-2.6.37.ebuild: + Marked stable on AMD64 based on arch testing by Agostino "ago" Sarubbo & Ian + "idella4" Delaney in security bug #389097.
Thanks, added glsa request vote
Thanks, folks. GLSA Vote: yes.
CVE-2011-4073 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4073): Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via vectors related to the (1) quick_outI1_continue and (2) quick_outI1 functions.
Vote: Yes. Created new GLSA request.
This issue was resolved and addressed in GLSA 201203-13 at http://security.gentoo.org/glsa/glsa-201203-13.xml by GLSA coordinator Sean Amoss (ackle).