Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 580006 (CVE-2016-3071) - <net-misc/libreswan-3.17: DoS when receiving an IKE transform containing AES_XCBC
Summary: <net-misc/libreswan-3.17: DoS when receiving an IKE transform containing AES_...
Status: RESOLVED FIXED
Alias: CVE-2016-3071
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: ~3 [noglsa cve]
Whiteboard:
Keywords:
: 578162 (view as bug list)
Depends on:
Blocks:
 
Reported: 2016-04-14 21:20 UTC by Daniel M. Weeks
Modified: 2016-11-21 22:48 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel M. Weeks 2016-04-14 21:20:02 UTC 
https://lists.libreswan.org/pipermail/swan-announce/2016/000019.html

Latest version in junkdrawer overlay for testing.

Reproducible: Always
Comment 1 Daniel M. Weeks 2016-04-14 21:28:08 UTC 
Correction, this does not affect the current version in the tree (3.15) but 3.16 should be skipped in favor of 3.17. See #578162.
Comment 2 Tomáš Mózes 2016-04-15 19:02:51 UTC 
*** Bug 578162 has been marked as a duplicate of this bug. ***
Comment 3 Mike Gilbert gentoo-dev 2016-04-15 19:23:13 UTC 
So... there's really nothing for me to do here?
Comment 4 Aaron Bauman (RETIRED) gentoo-dev 2016-11-21 22:48:56 UTC 
Vulnerable version never landed in the tree.  Package was not stabilized back then either.