RedHat has issued an advisory on February 18: https://rhn.redhat.com/errata/RHSA-2014-0185.html Apparently the issue isn't fully fixed in openswan 2.6.40 upstream, so they will get another CVE for that, but it should be fixed in 2.6.41 when it comes out. As for patching our versions, I don't have links to upstream commits that would be helpful to fix 2.6.39 (Mageia 4 and Cauldron) and RedHat's patch for 2.6.32 doesn't look reasonably rediffable for that version. It may be rediffable for 2.6.28 in Mageia 3 (8 failed patch hunks).
Whiteboard: (none) => MGA4TOO, MGA3TOO
(In reply to David Walser from comment #0)
> Apparently the issue isn't fully fixed in openswan 2.6.40 upstream, so they
> will get another CVE for that, but it should be fixed in 2.6.41 when it
> comes out.
They got CVE-2014-2037, but that does *not* affect us:
http://openwall.com/lists/oss-security/2014/02/20/2
Here's the commit that didn't fully fix the issue upstream: https://github.com/xelerance/Openswan/commit/d558afa70bcaee9bbe4008ab1a82e944e54950be A commit to fully fix the issue hasn't been committed yet.
Re-diffed patch from RedHat committed to Mageia 3 SVN.
Upstream commit to fix CVE-2014-2037, completing the CVE-2013-6466 fix: https://github.com/xelerance/Openswan/commit/b36d3109d05f1b069a0a712de7777cef6f6a48e4
Patched packages uploaded for Mageia 3, Mageia 4, and Cauldron.

Advisory:
========================

Updated openswan packages fix security vulnerability:

A NULL pointer dereference flaw was discovered in the way Openswan's IKE daemon processed IKEv2 payloads. A remote attacker could send specially crafted IKEv2 payloads that, when processed, would lead to a denial of service (daemon crash), possibly causing existing VPN connections to be dropped (CVE-2013-6466).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6466
https://rhn.redhat.com/errata/RHSA-2014-0185.html
========================

Updated packages in core/updates_testing:
========================
openswan-2.6.28-5.1.mga3
openswan-doc-2.6.28-5.1.mga3
openswan-2.6.39-3.1.mga4
openswan-doc-2.6.39-3.1.mga4

from SRPMS:
openswan-2.6.28-5.1.mga3.src.rpm
openswan-2.6.39-3.1.mga4.src.rpm

Version: Cauldron => 4
Assignee: bugsquad => qa-bugs
Whiteboard: MGA4TOO, MGA3TOO => MGA3TOO
Procedure: https://bugs.mageia.org/show_bug.cgi?id=7095#c7 onwards
Whiteboard: MGA3TOO => MGA3TOO has_procedure
Tested on Mageia 4 x86_64

# service ipsec start
ipsec_setup: Starting Openswan IPsec 2.6.39...
ipsec_setup: No KLIPS support found while requested, desperately falling back to netkey
ipsec_setup: NETKEY support found. Use protostack=netkey in /etc/ipsec.conf to avoid attempts to use KLIPS. Attempting to continue with NETKEY
# service ipsec status
IPsec running - pluto pid: 27345
pluto pid 27345
No tunnels up
# service ipsec stop
ipsec_setup: Stopping Openswan IPsec...
# service ipsec status
IPsec stopped

So looks ok here

CC: (none) => ennael1
Whiteboard: MGA3TOO has_procedure => MGA3TOO has_procedure mga4-64-ok

Tested on Mageia 4 i586

# service ipsec start
ipsec_setup: Starting Openswan IPsec 2.6.39...
ipsec_setup: No KLIPS support found while requested, desperately falling back to netkey
ipsec_setup: NETKEY support found. Use protostack=netkey in /etc/ipsec.conf to avoid attempts to use KLIPS. Attempting to continue with NETKEY
# service ipsec status
IPsec running - pluto pid: 27345
pluto pid 27345
No tunnels up
# service ipsec stop
ipsec_setup: Stopping Openswan IPsec...
# service ipsec status
IPsec stopped

Validated on Mageia 4
Whiteboard: MGA3TOO has_procedure mga4-64-ok => MGA3TOO has_procedure mga4-64-ok mga4-32-ok
Testing complete mga3 32 & 64
Whiteboard: MGA3TOO has_procedure mga4-64-ok mga4-32-ok => MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-64-ok mga4-32-ok
Advisory uploaded. Validating.
Could sysadmin please push to 3 & 4 updates?
Thanks

Keywords: (none) => validated_update
Whiteboard: MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-64-ok mga4-32-ok => MGA3TOO has_procedure advisory mga3-32-ok mga3-64-ok mga4-64-ok mga4-32-ok
CC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2014-0097.html
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED