
Bug 580006 (CVE-2016-3071)

Summary: <net-misc/libreswan-3.17: DoS when receiving an IKE transform containing AES_XCBC
Product: Gentoo Security
Reporter: Daniel M. Weeks <dan>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: floppym, pinkbyte
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: ~3 [noglsa cve]
Whiteboard:
Package list:
Runtime testing required: ---

Description Daniel M. Weeks 2016-04-14 21:20:02 UTC
https://lists.libreswan.org/pipermail/swan-announce/2016/000019.html

Latest version in junkdrawer overlay for testing.

Reproducible: Always
Comment 1 Daniel M. Weeks 2016-04-14 21:28:08 UTC
Correction, this does not affect the current version in the tree (3.15) but 3.16 should be skipped in favor of 3.17. See #578162.
Comment 2 Tomáš Mózes 2016-04-15 19:02:51 UTC
*** Bug 578162 has been marked as a duplicate of this bug. ***
Comment 3 Mike Gilbert gentoo-dev 2016-04-15 19:23:13 UTC
So... there's really nothing for me to do here?
Comment 4 Aaron Bauman (RETIRED) gentoo-dev 2016-11-21 22:48:56 UTC
Vulnerable version never landed in the tree.  Package was not stabilized back then either.