| Field | Value |
|---|---|
| Summary | <net-misc/libreswan-3.13: Malicious payload causing IKE daemon restart (CVE-2015-3204) |
| Product | Gentoo Security |
| Reporter | Mike Gilbert <floppym> |
| Component | Vulnerabilities |
| Assignee | Gentoo Security <security> |
| Status | RESOLVED FIXED |
| Severity | normal |
| Priority | Normal |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| URL | https://libreswan.org/security/CVE-2015-3204/ |
| Whiteboard | B3 [glsa] |
| Package list | |
| Runtime testing required | --- |
Description
Mike Gilbert
2015-06-01 20:08:23 UTC
I will commit a version bump later today.

net-misc/libreswan-3.13 has been added to the tree, and may be stabilized.

CVE-2015-3204 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3204): libreswan 3.9 through 3.12 allows remote attackers to cause a denial of service (daemon restart) via an IKEv1 packet with (1) unassigned bits set in the IPSEC DOI value or (2) the next payload value set to ISAKMP_NEXT_SAK.

Arches, please stabilize: =net-misc/libreswan-3.13
Stable targets: amd64 x86

amd64 stable

x86 stable

Maintainer(s), please cleanup. Security, please vote.

Vote: yes

Arches and Maintainer(s), Thank you for your work. GLSA Vote: Yes

Maintainer(s), please drop the vulnerable version(s).

Cleanup done.

Already assigned to a GLSA.

This issue was resolved and addressed in GLSA 201603-13 at https://security.gentoo.org/glsa/201603-13 by GLSA coordinator Kristian Fiskerstrand (K_F).
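The CVE text above names two trigger conditions in an IKEv1 packet. The following is an added triage example, not libreswan code and not part of this bug report: it parses the ISAKMP header and walks the payload chain of a UDP/500 datagram and reports either condition, so a responder can confirm from a capture whether a daemon restart on an unpatched 3.9 to 3.12 host matches this CVE. It assumes the payload number ISAKMP_NEXT_SAK = 15 (the GDOI SA KEK payload, RFC 3547) and reads "unassigned bits in the IPSEC DOI value" as any bit set in the SA payload's DOI field other than the assigned IPsec DOI value 1; both readings and the sample packets are constructed here.

```python
"""Triage helper for CVE-2015-3204: flag IKEv1 packets whose payload chain
carries ISAKMP_NEXT_SAK, or whose SA payload DOI has bits set outside the
assigned IPsec DOI value.  Added example, not libreswan's own code."""
import struct

ISAKMP_HDR_LEN = 28           # RFC 2408 header: 2 SPIs, np, ver, xchg, flags, msgid, length
GENERIC_PAYLOAD_HDR_LEN = 4   # next payload, reserved, payload length
ISAKMP_NEXT_NONE = 0
ISAKMP_NEXT_SA = 1
ISAKMP_NEXT_SAK = 15          # SA KEK payload (GDOI, RFC 3547); assumed value
ISAKMP_DOI_IPSEC = 1          # IPsec DOI (RFC 2407)
IKEV1_MAJOR = 1


def check_ike_packet(pkt):
    """Return a list of human-readable findings for one ISAKMP datagram.

    An empty list means neither CVE-2015-3204 condition was seen.  IKEv2
    packets are skipped because their payload numbering differs and the CVE
    concerns the IKEv1 code path only."""
    findings = []
    if len(pkt) < ISAKMP_HDR_LEN:
        return ["truncated ISAKMP header (%d bytes)" % len(pkt)]
    (_ispi, _rspi, first_np, version, _xchg, _flags, _msgid,
     length) = struct.unpack("!QQBBBBII", pkt[:ISAKMP_HDR_LEN])
    if version >> 4 != IKEV1_MAJOR:
        return findings
    if length != len(pkt):
        findings.append("header length %d != datagram length %d" % (length, len(pkt)))

    ptype, offset = first_np, ISAKMP_HDR_LEN
    while ptype != ISAKMP_NEXT_NONE:
        # Condition (2): the SAK payload number anywhere in the chain.
        if ptype == ISAKMP_NEXT_SAK:
            findings.append("next payload ISAKMP_NEXT_SAK (15) at offset %d" % offset)
        if offset + GENERIC_PAYLOAD_HDR_LEN > len(pkt):
            findings.append("payload chain runs past end of packet at offset %d" % offset)
            break
        next_np, _reserved, plen = struct.unpack("!BBH", pkt[offset:offset + 4])
        if plen < GENERIC_PAYLOAD_HDR_LEN or offset + plen > len(pkt):
            findings.append("bad payload length %d at offset %d" % (plen, offset))
            break
        body = pkt[offset + GENERIC_PAYLOAD_HDR_LEN:offset + plen]
        # Condition (1): SA payload whose 32-bit DOI carries bits beyond value 1.
        if ptype == ISAKMP_NEXT_SA and len(body) >= 8:
            doi, _situation = struct.unpack("!II", body[:8])
            if doi & ~ISAKMP_DOI_IPSEC:
                findings.append("SA payload DOI 0x%08x has bits set outside the "
                                "assigned IPsec DOI value" % doi)
        ptype, offset = next_np, offset + plen
    return findings


def build_isakmp(payloads, exchange_type=2):
    """Constructed sample builder for the examples below (not captured traffic).
    payloads is a list of (payload_type, body_bytes); lengths are computed."""
    chain = b""
    for i, (ptype, pbody) in enumerate(payloads):
        next_type = payloads[i + 1][0] if i + 1 < len(payloads) else ISAKMP_NEXT_NONE
        chain += struct.pack("!BBH", next_type, 0, GENERIC_PAYLOAD_HDR_LEN + len(pbody)) + pbody
    first = payloads[0][0] if payloads else ISAKMP_NEXT_NONE
    hdr = struct.pack("!QQBBBBII", 0x1122334455667788, 0, first, 0x10,  # version 1.0
                      exchange_type, 0, 0, ISAKMP_HDR_LEN + len(chain))
    return hdr + chain


# Constructed samples: an ordinary Main Mode first message, and one for each condition.
SAMPLE_BENIGN = build_isakmp([(ISAKMP_NEXT_SA, struct.pack("!II", ISAKMP_DOI_IPSEC, 1))])
SAMPLE_SAK = build_isakmp([(ISAKMP_NEXT_SAK, b"\x00" * 8)])
SAMPLE_DOI_BITS = build_isakmp([(ISAKMP_NEXT_SA, struct.pack("!II", 0x80000001, 1))])

if __name__ == "__main__":
    for name, pkt in (("benign", SAMPLE_BENIGN), ("sak", SAMPLE_SAK), ("doi", SAMPLE_DOI_BITS)):
        print(name, check_ike_packet(pkt) or "no findings")
```

In practice the datagrams would come from a capture filter on UDP port 500 (IKE over NAT-T on port 4500 carries a 4-byte non-ESP marker before the ISAKMP header, which would need stripping first). A hit on either finding against a libreswan 3.9 to 3.12 responder is the signal to correlate with the daemon restart; the fix is the version bump to 3.13 recorded above.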