Bug 25065

Summary: libreswan new security issue - CVE-2019-10155
Product: Mageia Reporter: Stig-Ørjan Smelror <smelror>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: herman.viaene, nathan95, sysadmin-bugs, tmb
Version: 7Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA7-32-OK MGA7-64-OK
Source RPM: libreswan-3.27-4.mga7.src.rpm CVE: CVE-2019-10155
Status comment:

Description Stig-Ørjan Smelror 2019-07-06 19:32:56 CEST 
The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29.

https://nvd.nist.gov/vuln/detail/CVE-2019-10155
Comment 1 Stig-Ørjan Smelror 2019-07-06 19:48:42 CEST 
Version 3.29 pushed to Cauldron

Version: Cauldron => 7
CVE: (none) => CVE-2019-10155

Comment 2 Stig-Ørjan Smelror 2019-07-06 19:52:33 CEST 
Advisory
========
The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29.

References
==========
https://nvd.nist.gov/vuln/detail/CVE-2019-10155

Files
=====

Uploaded to core/updates_testing

unbound-1.9.1-1.1.mga7
libunbound8-1.9.1-1.1.mga7
libunbound-devel-1.9.1-1.1.mga7
python2-unbound-1.9.1-1.1.mga7
python3-unbound-1.9.1-1.1.mga7

from unbound-1.9.1-1.1.mga7.src.rpm

libreswan-3.29-1.mga7

from libreswan-3.29-1.mga7.src.rpm

Assignee: smelror => qa-bugs

Comment 3 Stig-Ørjan Smelror 2019-07-07 00:32:27 CEST 
Advisory
========
The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29.

References
==========
https://nvd.nist.gov/vuln/detail/CVE-2019-10155

Files
=====

Uploaded to core/updates_testing

unbound-1.9.1-1.1.mga7
libunbound8-1.9.1-1.1.mga7
libunbound-devel-1.9.1-1.1.mga7
python2-unbound-1.9.1-1.1.mga7
python3-unbound-1.9.1-1.1.mga7

from unbound-1.9.1-1.1.mga7.src.rpm

libreswan-3.29-1.1.mga7

from libreswan-3.29-1.1.mga7.src.rpm
Comment 4 Herman Viaene 2019-07-08 11:43:38 CEST 
MGA7-32 MATE on IBM Thinkpad R50e
No installation issues
Did some googling on libreswan (no previous update bugs found) and concluded this is not in my league.
I'm happy to report it does not disturb my little LAN DNS setup, so if the higher powers are happy with this clean install, I will not object this update is OK'ed.

CC: (none) => herman.viaene

Comment 5 nathan giovannini 2019-07-20 18:21:28 CEST 
MGA7-64 After this update I do not notice any issues nor bugs of sorts regarding my Acer Aspire.
As far as I'm concerned this update can be validated

CC: (none) => nathan95

David Walser 2019-07-20 18:29:53 CEST

Whiteboard: (none) => MGA7-32-OK MGA7-64-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Thomas Backlund 2019-07-21 14:04:09 CEST

CC: (none) => tmb
Keywords: (none) => advisory

Comment 6 Mageia Robot 2019-07-21 20:18:36 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0210.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED