| Summary: | libreswan CVE-2024-3652 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | Stig-Ørjan Smelror <smelror> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | andrewsfarm, sysadmin-bugs |
| Version: | 9 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA9-64-OK | | |
| Source RPM: | | CVE: | CVE-2024-3652 |
| Status comment: | | | |

Description
Stig-Ørjan Smelror
2024-04-17 05:39:01 CEST
Advisory
========

libreswan has been updated to version 4.15 to fix CVE-2024-3652.

CVE-2024-3652: The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected.

References
==========

https://github.com/advisories/GHSA-395v-96gv-76w3
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3652

Files
=====

Uploaded to core/updates_testing

libreswan-4.15-1.mga9

from libreswan-4.15-1.mga9.src.rpm

Assignee: smelror => qa-bugs
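
A config audit for the condition the advisory describes (an IKEv1 connection with no esp= line), added here as an example; it is not part of the bug report or libreswan's own code. It assumes IKEv1 is selected by ikev2=no/never or keyexchange=ikev1, treats phase2alg= as an alias of esp=, and does not follow also= or include lines; the sample config is constructed.

```python
import re

# Constructed sample ipsec.conf, not taken from the bug report.
SAMPLE_CONF = """\
conn %default
    ikev2=no
conn legacy-v1
    right=192.0.2.2
conn pinned-v1
    esp=aes256-sha2_256
    right=192.0.2.3
conn modern
    ikev2=insist
"""

IKEV1_VALUES = {"no", "never"}   # assumed ikev2= values that select IKEv1
ESP_KEYS = {"esp", "phase2alg"}  # phase2alg assumed to be an alias of esp=

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        m = re.match(r"^conn\s+(\S+)", line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif line[0] in " \t" and current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip().lower()] = value.strip().strip('"')
        else:
            current = None  # "config setup" or another non-conn section
    return conns

def exposed_conns(text):
    """Names of IKEv1 conns with no esp= line, honouring conn %default."""
    conns = parse_conns(text)
    defaults = conns.pop("%default", {})
    hits = []
    for name, opts in conns.items():
        merged = {**defaults, **opts}  # per-conn options override %default
        ikev1 = (merged.get("ikev2", "").lower() in IKEV1_VALUES
                 or merged.get("keyexchange", "").lower() == "ikev1")
        if ikev1 and not any(k in merged for k in ESP_KEYS):
            hits.append(name)
    return sorted(hits)

if __name__ == "__main__":
    print(exposed_conns(SAMPLE_CONF))
```

Connections it reports match the configuration named in CVE-2024-3652 and are the ones to check against the installed libreswan version (fixed in 4.15).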
katnatek
2024-04-18 04:44:39 CEST
Keywords: (none) => advisory

RH mageia 9 x86_64
LC_ALL=C urpmi libreswan
To satisfy dependencies, the following packages are going to be installed:
Package Version Release Arch
(medium "Core Release (distrib1)")
lib64ldns3 1.8.3 1.mga9 x86_64
(medium "Core Updates (distrib3)")
libreswan 4.14 1.mga9 x86_64
4.8MB of additional disk space will be used.
1.3MB of packages will be retrieved.
Proceed with the installation of the 2 packages? (Y/n) y
https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/lib64ldns3-1.8.3-1.mga9.x86_64.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/updates/libreswan-4.14-1.mga9.x86_64.rpm
installing libreswan-4.14-1.mga9.x86_64.rpm lib64ldns3-1.8.3-1.mga9.x86_64.rpm from /var/cache/urpmi/rpms
Preparing... ##################################################################################################
1/2: lib64ldns3 ##################################################################################################
2/2: libreswan ##################################################################################################
LC_ALL=C urpmi --auto --auto-update
medium "QA Testing (32-bit)" is up-to-date
medium "QA Testing (64-bit)" is up-to-date
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
medium "Core 32bit Release (distrib31)" is up-to-date
medium "Core 32bit Updates (distrib32)" is up-to-date
medium "Nonfree 32bit Release (distrib36)" is up-to-date
medium "Tainted 32bit Release (distrib41)" is up-to-date
medium "Tainted 32bit Updates (distrib42)" is up-to-date
installing libreswan-4.15-1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing... ##################################################################################################
1/1: libreswan ##################################################################################################
1/1: removing libreswan-4.14-1.mga9.x86_64
##################################################################################################
urpmq --whatrequires-recursive libreswan
libreswan
libreswan
LC_ALL=C urpme libreswan
removing libreswan-4.15-1.mga9.x86_64
removing package libreswan-4.15-1.mga9.x86_64
1/1: removing libreswan-4.15-1.mga9.x86_64
##################################################################################################
katnatek
2024-04-18 19:40:23 CEST
CC: (none) => andrewsfarm

A little complex/time-consuming to test this, giving OK.

Whiteboard: (none) => MGA9-64-OK

Previous updates were validated essentially after a clean install that didn't appear to do any harm. Validating.

Keywords: (none) => validated_update

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0138.html

Status: NEW => RESOLVED