Bug 10126 - openswan new security issue CVE-2013-2053
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
Version: 3
Hardware: i586 Linux
Priority: Normal
Severity: critical
Target Milestone: ---
Assigned To: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/550931/
Whiteboard: MGA2TOO has_procedure mga2-32-ok mga2...
Keywords: validated_update

Reported: 2013-05-16 19:43 CEST by David Walser
Modified: 2013-05-25 21:59 CEST

Source RPM: openswan-2.6.28-4.mga3.src.rpm

Description David Walser 2013-05-16 19:43:29 CEST
RedHat has issued an advisory on May 15:
https://rhn.redhat.com/errata/RHSA-2013-0827.html

Patches added in Cauldron, Mageia 2, and Mageia 1 SVN.

I'll push to updates_testing once Mageia 3 has branched.
Comment 1 David Walser 2013-05-24 18:55:19 CEST
Patched packages uploaded for Mageia 2, Mageia 3, and Cauldron.

Advisory:
========================

Updated openswan packages fix security vulnerability:

A buffer overflow flaw was found in Openswan. If Opportunistic Encryption
were enabled ("oe=yes" in "/etc/ipsec.conf") and an RSA key configured, an
attacker able to cause a system to perform a DNS lookup for an
attacker-controlled domain containing malicious records (such as by sending
an email that triggers a DKIM or SPF DNS record lookup) could cause
Openswan's pluto IKE daemon to crash or, potentially, execute arbitrary
code with root privileges. With "oe=yes" but no RSA key configured, the
issue can only be triggered by attackers on the local network who can
control the reverse DNS entry of the target system. Opportunistic
Encryption is disabled by default (CVE-2013-2053).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2053
https://rhn.redhat.com/errata/RHSA-2013-0827.html
========================

Updated packages in core/updates_testing:
========================
openswan-2.6.28-2.2.mga2
openswan-doc-2.6.28-2.2.mga2
openswan-2.6.28-5.mga3
openswan-doc-2.6.28-5.mga3

from Source RPMs:
openswan-2.6.28-2.2.mga2.src.rpm
openswan-2.6.28-5.mga3.src.rpm
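
Added example, not part of the bug report or of Openswan: a shell check that reports which of the advisory's configuration preconditions a host matches. It assumes `include` lines in ipsec.conf are not followed and that RSA keys appear in ipsec.secrets as `: RSA` entries; the function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: report which precondition from the CVE-2013-2053 advisory
# a host's Openswan configuration matches.
# Assumptions: "include" lines are not followed; RSA keys are stored in
# ipsec.secrets as ": RSA" entries.

# Exit 0 if the "config setup" section sets oe=yes.
oe_enabled() {
    awk '
        /^[ \t]*#/ { next }                          # whole-line comment
        /^[^ \t]/  { in_setup = ($1 == "config" && $2 == "setup"); next }
        in_setup {
            line = $0
            sub(/#.*/, "", line)                     # trailing comment
            gsub(/[ \t"]/, "", line)                 # whitespace and quotes
            if (line ~ /^oe=/) val = tolower(substr(line, 4))
        }
        END { exit (val == "yes" ? 0 : 1) }
    ' "$1"
}

# Exit 0 if the secrets file holds an uncommented RSA key entry.
rsa_key_present() {
    [ -r "$1" ] && grep -Eq '^[^#]*:[[:space:]]*RSA([[:space:]{]|$)' "$1"
}

# Print oe-disabled, oe-with-rsa-key or oe-without-rsa-key.
oe_state() {
    if ! oe_enabled "$1"; then echo "oe-disabled"
    elif rsa_key_present "$2"; then echo "oe-with-rsa-key"
    else echo "oe-without-rsa-key"; fi
}

# Demo on constructed sample files (not taken from a real host).
demo() {
    d=$(mktemp -d) || return 1
    printf 'version 2.0\nconfig setup\n\tprotostack=netkey\n\toe=yes\nconn home\n\tauto=add\n' > "$d/ipsec.conf"
    printf ': RSA {\n\t# key material elided\n\t}\n' > "$d/ipsec.secrets"
    oe_state "$d/ipsec.conf" "$d/ipsec.secrets"
    rm -rf "$d"
}

demo
```

To check a real host, call `oe_state /etc/ipsec.conf /etc/ipsec.secrets`; the result describes configuration only and says nothing about whether the patched package is installed.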
Comment 2 David Walser 2013-05-24 18:56:22 CEST
Assigning to QA.
Comment 3 claire robinson 2013-05-25 13:08:04 CEST
Procedure: https://bugs.mageia.org/show_bug.cgi?id=7095#c7
Comment 4 claire robinson 2013-05-25 13:35:21 CEST
Testing complete mga3 64 & 32, mga2 64 & 32

Note that this still redirects to chkconfig on mga3

Validating

Advisory & srpms in comment 1

Could sysadmin please push from core/updates_testing to core/updates for mga2 & 3

Thanks!
Comment 5 Thomas Backlund 2013-05-25 21:59:22 CEST
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0157