Description: "The Libreswan Project was notified by Stephan Zeisberg of Security Research Labs of a bug in handling bogus encrypted IKEv1 INFORMATIONAL Exchange packet requests for which there is no state. While building a log message that the packet has been dropped, a NULL pointer dereference causes libreswan to crash and restart when it attempts to log the state name involved." Note: "This vulnerability cannot be abused for a remote code execution or an authentication bypass. But by continuing to send these packets, a denial of service attack against the libreswan IKE service is possible."
@maintainer(s), please apply the provided patch or bump to 3.32. Patch: https://libreswan.org/security/CVE-2020-1763/libreswan-3.31-CVE-2020-1763.patch
libreswan 3.32 is now available. I'll wait a day or so for testing before adding arches.
(In reply to Hans de Graaff from comment #2) > libreswan 3.32 is now available. I'll wait a day or so for testing before > adding arches. No problem, thanks!
(In reply to Hans de Graaff from comment #2) > libreswan 3.32 is now available. I'll wait a day or so for testing before > adding arches. How're we looking?
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please vote.
Cleanup done.
(In reply to Hans de Graaff from comment #7) > Cleanup done. Thank you!
GLSA vote: yes
This issue was resolved and addressed in GLSA 202007-21 at https://security.gentoo.org/glsa/202007-21 by GLSA coordinator Sam James (sam_c).
