Bug 12823 - openswan new security issue CVE-2013-6466
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
Version: 4
Hardware: i586 Linux
Priority: Normal Severity: major
Target Milestone: ---
Assigned To: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/587139/
Whiteboard: MGA3TOO has_procedure advisory mga3-3...
Keywords: validated_update
Reported: 2014-02-19 21:36 CET by David Walser
Modified: 2014-02-25 23:21 CET

Source RPM: openswan-2.6.28-5.mga3.src.rpm

Description David Walser 2014-02-19 21:36:32 CET
RedHat has issued an advisory on February 18:
https://rhn.redhat.com/errata/RHSA-2014-0185.html

Apparently the issue isn't fully fixed in openswan 2.6.40 upstream, so they will get another CVE for that, but it should be fixed in 2.6.41 when it comes out.

As for patching our versions, I don't have links to upstream commits that would be helpful to fix 2.6.39 (Mageia 4 and Cauldron) and RedHat's patch for 2.6.32 doesn't look reasonably rediffable for that version.  It may be rediffable for 2.6.28 in Mageia 3 (8 failed patch hunks).

Comment 1 David Walser 2014-02-20 16:05:21 CET
(In reply to David Walser from comment #0)
> Apparently the issue isn't fully fixed in openswan 2.6.40 upstream, so they
> will get another CVE for that, but it should be fixed in 2.6.41 when it
> comes out.

They got CVE-2014-2037, but that does *not* affect us:
http://openwall.com/lists/oss-security/2014/02/20/2
Comment 2 David Walser 2014-02-20 22:28:39 CET
Here's the commit that didn't fully fix the issue upstream:
https://github.com/xelerance/Openswan/commit/d558afa70bcaee9bbe4008ab1a82e944e54950be

A commit to fully fix the issue hasn't been committed yet.
Comment 3 David Walser 2014-02-20 23:32:52 CET
Re-diffed patch from RedHat committed to Mageia 3 SVN.
Comment 4 David Walser 2014-02-24 16:15:50 CET
Upstream commit to fix CVE-2014-2037, completing the CVE-2013-6466 fix:
https://github.com/xelerance/Openswan/commit/b36d3109d05f1b069a0a712de7777cef6f6a48e4
Comment 5 David Walser 2014-02-24 17:01:47 CET
Patched packages uploaded for Mageia 3, Mageia 4, and Cauldron.

Advisory:
========================

Updated openswan packages fix security vulnerability:

A NULL pointer dereference flaw was discovered in the way Openswan's IKE
daemon processed IKEv2 payloads. A remote attacker could send specially
crafted IKEv2 payloads that, when processed, would lead to a denial of
service (daemon crash), possibly causing existing VPN connections to be
dropped (CVE-2013-6466).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6466
https://rhn.redhat.com/errata/RHSA-2014-0185.html
========================

Updated packages in core/updates_testing:
========================
openswan-2.6.28-5.1.mga3
openswan-doc-2.6.28-5.1.mga3
openswan-2.6.39-3.1.mga4
openswan-doc-2.6.39-3.1.mga4

from SRPMS:
openswan-2.6.28-5.1.mga3.src.rpm
openswan-2.6.39-3.1.mga4.src.rpm
Comment 6 claire robinson 2014-02-24 18:13:58 CET
Procedure: https://bugs.mageia.org/show_bug.cgi?id=7095#c7 onwards
Comment 7 Anne Nicolas 2014-02-24 22:30:21 CET
Tested on Mageia 4 x86_64

# service ipsec start
ipsec_setup: Starting Openswan IPsec 2.6.39...
ipsec_setup: No KLIPS support found while requested, desperately falling back to netkey
ipsec_setup: NETKEY support found. Use protostack=netkey in /etc/ipsec.conf to avoid attempts to use KLIPS. Attempting to continue with NETKEY

# service ipsec status
IPsec running  - pluto pid: 27345
pluto pid 27345
No tunnels up

# service ipsec stop
ipsec_setup: Stopping Openswan IPsec...

# service ipsec status
IPsec stopped

So looks ok here
Comment 8 Anne Nicolas 2014-02-24 22:57:45 CET
Tested on Mageia 4 i586

# service ipsec start
ipsec_setup: Starting Openswan IPsec 2.6.39...
ipsec_setup: No KLIPS support found while requested, desperately falling back to netkey
ipsec_setup: NETKEY support found. Use protostack=netkey in /etc/ipsec.conf to avoid attempts to use KLIPS. Attempting to continue with NETKEY

# service ipsec status
IPsec running  - pluto pid: 27345
pluto pid 27345
No tunnels up

# service ipsec stop
ipsec_setup: Stopping Openswan IPsec...

# service ipsec status
IPsec stopped

Validated on Mageia 4
Comment 9 claire robinson 2014-02-24 23:32:52 CET
Testing complete mga3 32 & 64
Comment 10 claire robinson 2014-02-24 23:37:59 CET
Advisory uploaded. Validating.

Could sysadmin please push to 3 & 4 updates

Thanks
Comment 11 Thomas Backlund 2014-02-25 23:21:07 CET
Update pushed:
http://advisories.mageia.org/MGASA-2014-0097.html
