| Summary: | libreswan new security issue CVE-2020-1763 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | andrewsfarm, herman.viaene, smelror, sysadmin-bugs, tmb |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK | ||
| Source RPM: | libreswan-3.31-1.mga8.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2020-05-12 16:11:37 CEST
David Walser
2020-05-12 16:12:02 CEST
Status comment:
(none) =>
Fixed upstream in 3.32 Updated packages uploaded by Stig-Ørjan. Advisory: ======================== Updated libreswan packages fix security vulnerability: An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan. An unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash (CVE-2020-1763). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1763 https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt https://access.redhat.com/errata/RHSA-2020:2070 ======================== Updated packages in core/updates_testing: ======================== libreswan-3.32-1.mga7 from libreswan-3.32-1.mga7.src.rpm Whiteboard:
MGA7TOO =>
(none) MGA7-64 Plasma on Lenovo B50 No installation issues. Ref to bug 25065 and not noticing any ill effects on this laptop and its access to my LAN, OK'ing. Whiteboard:
(none) =>
MGA7-64-OK Validating. Advisory in Comment 1. Keywords:
(none) =>
validated_update
Thomas Backlund
2020-05-15 16:41:30 CEST
CC:
(none) =>
tmb An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0215.html Resolution:
(none) =>
FIXED |