From Secunia security advisory at $URL:
The vulnerability is caused due to a use-after-free error related to the crypto helper handler, which can be exploited to crash the IKE daemon by passing specially crafted ISAKMP phase 1 authentication.
The vulnerability is reported in versions 2.3.0 through 2.6.36 (configured with nhelpers=0).
Update to version 2.6.37 or apply patch.
Atm I set to B3 because I don't know if nhelpers=0 is a default configuration or not.
Anyway, there is no big difference between B3 and C3.
net-misc/openswan-2.6.37 has been submitted to the tree
Arches please test and mark stable:
target KEYWORDS : "amd64 x86"
@mrness, is a compile test enough, or is something else required?
I've tested it myself in an L2TP setup; a simple compile test should be enough.
just a minor QA issue;
* QA Notice: Package has poor programming practices which may compile
* fine but exhibit random runtime failures.
* ikeping.c:257:9: warning: dereferencing type-punned pointer will break strict-aliasing rules
* ikeping.c:259:9: warning: dereferencing type-punned pointer will break strict-aliasing rules
* Please do not file a Gentoo bug and instead report the above QA
* issues directly to the upstream developers of this software.
otherwise all aok
+ 10 Nov 2011; Tony Vroon <email@example.com> openswan-2.6.37.ebuild:
+ Marked stable on AMD64 based on arch testing by Agostino "ago" Sarubbo & Ian
+ "idella4" Delaney in security bug #389097.
Thanks, added glsa request vote
Thanks, folks. GLSA Vote: yes.
Use-after-free vulnerability in the cryptographic helper handler
functionality in Openswan 2.3.0 through 2.6.36 allows remote attackers to
cause a denial of service (pluto IKE daemon crash) via vectors related to
the (1) quick_outI1_continue and (2) quick_outI1 functions.
Created new GLSA request.
This issue was resolved and addressed in
GLSA 201203-13 at http://security.gentoo.org/glsa/glsa-201203-13.xml
by GLSA coordinator Sean Amoss (ackle).
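
As an added example (not part of the original bug thread and not Openswan's own code), the following checks a host against the condition the advisory states: a version from 2.3.0 through 2.6.36 configured with nhelpers=0. It assumes nhelpers is set in the `config setup` section of ipsec.conf; the function names and the sample configuration are constructed for illustration.

```python
import re

AFFECTED_MIN = (2, 3, 0)   # first affected version per the advisory
AFFECTED_MAX = (2, 6, 36)  # last affected version; 2.6.37 is the fixed release

# Constructed sample ipsec.conf (not taken from the bug thread).
SAMPLE_CONF = """\
config setup
    protostack=netkey
    nhelpers=0

conn l2tp-psk
    authby=secret
"""


def parse_version(text):
    """Extract an X.Y.Z version tuple from a string such as 'openswan-2.6.36'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no X.Y.Z version in %r" % text)
    return tuple(int(p) for p in m.groups())


def nhelpers_setting(conf_text):
    """Return the nhelpers value from 'config setup', or None if it is unset."""
    in_setup, value = False, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments and trailing space
        if not line.strip():
            continue
        if not line[0].isspace():              # unindented line starts a section
            in_setup = line.split() == ["config", "setup"]
            continue
        if in_setup:
            key, sep, val = line.strip().partition("=")
            if sep and key.strip() == "nhelpers":
                value = int(val.strip().strip('"'))
    return value


def exposure(version_text, conf_text):
    """Classify a host against the advisory's version range and nhelpers=0."""
    version = parse_version(version_text)
    if not (AFFECTED_MIN <= version <= AFFECTED_MAX):
        return "not affected"
    if nhelpers_setting(conf_text) == 0:
        return "affected"
    return "affected version, nhelpers not 0"
```

Hosts reported as "affected version, nhelpers not 0" fall outside the configuration the advisory names but still run a release older than the fixed 2.6.37.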