Summary: | <net-misc/libreswan-3.15: denial of service via IKE daemon restart when receiving a bad DH gx by peer (CVE-2015-3240) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Darko Luketic <info> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | floppym |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://libreswan.org/security/CVE-2015-3240/CVE-2015-3240.txt | ||
Whiteboard: | B3 [glsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Darko Luketic
2015-08-25 11:30:13 UTC
I have added libreswan-3.15 to the gentoo repository. Should be ok to stabilize it. Arches, please test and mark stable: =net-misc/libreswan-3.15 Target keywords : "amd64 x86" amd64 stable x86 stable. Maintainer(s), please cleanup. Security, please vote. Arches, Thank you for your work. GLSA Vote: No Maintainer(s), please drop the vulnerable version(s). (In reply to Yury German from comment #5) > Arches, Thank you for your work. > GLSA Vote: No Revising, due to GLSA in a more serious version. Adding to existing GLSA. Maintainer(s), please drop the vulnerable version(s). It has been 30 days since cleanup was requested. Maintainer(s), please drop the vulnerable version(s). (In reply to Yury German from comment #7) > It has been 30 days since cleanup was requested. > Maintainer(s), please drop the vulnerable version(s). Done. I get a lot of bugmail, so it's not always the most effective way to get my attention. Maintainer(s), Thank you for your work. This issue was resolved and addressed in GLSA 201603-13 at https://security.gentoo.org/glsa/201603-13 by GLSA coordinator Kristian Fiskerstrand (K_F). |