- Issued:
- 2012-07-12
- Updated:
- 2012-07-12
RHBA-2012:1069 - openswan bug fix update
Synopsis
openswan bug fix update
Type/Severity
Bug Fix Advisory
Topic
Updated openswan packages that fix two bugs are now available for Red Hat Enterprise Linux 6.
Description
Openswan is a free implementation of IPsec (internet Protocol Security) and IKE (Internet Key Exchange) for Linux. The openswan packages contain the daemons and user-space tools for setting up Openswan. It supports the NETKEY/XFRM IPsec kernel stack that exists in the default Linux kernel. Openswan 2.6 and later also supports IKEv2 (Internet Key Exchange Protocol Version 2), which is defined in RFC5996.
This update fixes the following bugs:
-
According to the RFC 5996 standard, reserved fields must be ignored on receipt irrespective of their value. Previously, however, the contents of the reserved fields was not being ignored on receipt for some payloads. Consequently, Openswan reported an error message and IKE negotiation failed. With this update, Openswan has been modified to ignore the reserved fields and IKE negotiation succeeds regardless of the reserved field value. (BZ#834660)
-
When a connection was configured in transport mode, Openswan did not pass information about traffic selectors to the NETKEY/XFRM IPsec kernel stack during the setup of security associations (SAs). Consequently, the information was not available in the output of the "ip xfrm state" command. With this update, Openswan correctly passes the traffic selectors information to the kernel when SAs are setup in transport mode. (BZ#834662)
All users of openswan are advised to upgrade to these updated packages, which fix these bugs.
Solution
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for x86_64 - Extended Update Support | 6.3 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Extended Update Support | 6.3 | i386 |
| Red Hat Enterprise Linux for Power, big endian | 6 | ppc64 |
| Red Hat Enterprise Linux for Power, big endian - Extended Update Support | 6.3 | ppc64 |
| Red Hat Enterprise Linux for IBM z Systems | 6 | s390x |
| Red Hat Enterprise Linux for IBM z Systems - Extended Update Support | 6.3 | s390x |
| Red Hat Enterprise Linux Workstation | 6 | x86_64 |
| Red Hat Enterprise Linux Workstation | 6 | i386 |
| Red Hat Enterprise Linux Server | 6 | x86_64 |
| Red Hat Enterprise Linux Server | 6 | i386 |
| Red Hat Enterprise Linux Server from RHUI | 6 | x86_64 |
| Red Hat Enterprise Linux Server from RHUI | 6 | i386 |
| Red Hat Enterprise Linux Server - Retired Extended Life Cycle Support | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Update Support from RHUI | 6.3 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Update Support from RHUI | 6.3 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) | 6 | s390x |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) | 6 | s390x |
| Red Hat Enterprise Linux Desktop | 6 | x86_64 |
| Red Hat Enterprise Linux Desktop | 6 | i386 |
Updated Packages
- openswan-doc-2.6.32-18.el6_3.i686.rpm
- openswan-2.6.32-18.el6_3.i686.rpm
- openswan-debuginfo-2.6.32-18.el6_3.ppc64.rpm
- openswan-doc-2.6.32-18.el6_3.s390x.rpm
- openswan-doc-2.6.32-18.el6_3.ppc64.rpm
- openswan-2.6.32-18.el6_3.ppc64.rpm
- openswan-2.6.32-18.el6_3.src.rpm
- openswan-debuginfo-2.6.32-18.el6_3.i686.rpm
- openswan-2.6.32-18.el6_3.s390x.rpm
- openswan-doc-2.6.32-18.el6_3.x86_64.rpm
- openswan-2.6.32-18.el6_3.x86_64.rpm
- openswan-debuginfo-2.6.32-18.el6_3.x86_64.rpm
- openswan-debuginfo-2.6.32-18.el6_3.s390x.rpm
Fixes
(none)
CVEs
(none)
References
(none)
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.