Bug 25065 - libreswan new security issue - CVE-2019-10155
Summary: libreswan new security issue - CVE-2019-10155
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 7
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-32-OK MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2019-07-06 19:32 CEST by Stig-Ørjan Smelror
Modified: 2019-07-21 20:18 CEST

See Also:
Source RPM: libreswan-3.27-4.mga7.src.rpm
CVE: CVE-2019-10155
Status comment:


Description Stig-Ørjan Smelror 2019-07-06 19:32:56 CEST
The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29.

https://nvd.nist.gov/vuln/detail/CVE-2019-10155
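
The receiver-side check that the description says was missing, as an added example (not part of this bug report and not Libreswan's code): an IKEv1 informational message is processed only after its HASH(1) value, defined in RFC 2409 section 5.7 as prf(SKEYID_a, M-ID | N/D), has been verified. Assumptions: the prf is HMAC-SHA1, the body is already decrypted with padding removed, and the function names, key, message ID and Delete payload are constructed for illustration.

```python
import hashlib
import hmac
import struct

ISAKMP_NEXT_HASH = 8  # IKEv1 payload type number for HASH (RFC 2408)


class IntegrityError(Exception):
    """Raised when an informational message must be dropped unprocessed."""


def hash1(skeyid_a: bytes, msg_id: bytes, nd: bytes) -> bytes:
    # RFC 2409 section 5.7: HASH(1) = prf(SKEYID_a, M-ID | N/D).
    # Assumption: the negotiated prf is HMAC-SHA1.
    return hmac.new(skeyid_a, msg_id + nd, hashlib.sha1).digest()


def accept_informational(skeyid_a, msg_id, first_payload, body):
    """Return the Notify/Delete bytes only if HASH(1) verifies.

    body is the already-decrypted message body with padding removed.
    """
    if first_payload != ISAKMP_NEXT_HASH or len(body) < 4:
        raise IntegrityError("no HASH payload at start of message")
    _next, _reserved, length = struct.unpack("!BBH", body[:4])
    if length < 4 or length > len(body):
        raise IntegrityError("bad HASH payload length")
    received, nd = body[4:length], body[length:]
    # Constant-time compare; a length mismatch simply returns False.
    if not hmac.compare_digest(received, hash1(skeyid_a, msg_id, nd)):
        raise IntegrityError("HASH(1) mismatch, dropping message")
    return nd


# Constructed sample values (not taken from any real exchange).
SKEYID_A = bytes(range(20))
MSG_ID = bytes.fromhex("0a0b0c0d")
# Delete payload: next=0, reserved, length=28, DOI=1, protocol=1 (ISAKMP),
# SPI size=16, one SPI, followed by 16 zero bytes standing in for the cookies.
DELETE = struct.pack("!BBHIBBH", 0, 0, 28, 1, 1, 16, 1) + bytes(16)


def build_body(nd: bytes) -> bytes:
    # Sender side: HASH payload (next payload 12 = Delete) followed by N/D.
    digest = hash1(SKEYID_A, MSG_ID, nd)
    return struct.pack("!BBH", 12, 0, 4 + len(digest)) + digest + nd
```
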
Comment 1 Stig-Ørjan Smelror 2019-07-06 19:48:42 CEST
Version 3.29 pushed to Cauldron

CVE: (none) => CVE-2019-10155
Version: Cauldron => 7

Comment 2 Stig-Ørjan Smelror 2019-07-06 19:52:33 CEST
Advisory
========
The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29.

References
==========
https://nvd.nist.gov/vuln/detail/CVE-2019-10155

Files
=====

Uploaded to core/updates_testing

unbound-1.9.1-1.1.mga7
libunbound8-1.9.1-1.1.mga7
libunbound-devel-1.9.1-1.1.mga7
python2-unbound-1.9.1-1.1.mga7
python3-unbound-1.9.1-1.1.mga7

from unbound-1.9.1-1.1.mga7.src.rpm

libreswan-3.29-1.mga7

from libreswan-3.29-1.mga7.src.rpm

Assignee: smelror => qa-bugs

Comment 3 Stig-Ørjan Smelror 2019-07-07 00:32:27 CEST
Advisory
========
The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29.

References
==========
https://nvd.nist.gov/vuln/detail/CVE-2019-10155

Files
=====

Uploaded to core/updates_testing

unbound-1.9.1-1.1.mga7
libunbound8-1.9.1-1.1.mga7
libunbound-devel-1.9.1-1.1.mga7
python2-unbound-1.9.1-1.1.mga7
python3-unbound-1.9.1-1.1.mga7

from unbound-1.9.1-1.1.mga7.src.rpm

libreswan-3.29-1.1.mga7

from libreswan-3.29-1.1.mga7.src.rpm
Comment 4 Herman Viaene 2019-07-08 11:43:38 CEST
MGA7-32 MATE on IBM Thinkpad R50e
No installation issues
Did some googling on libreswan (no previous update bugs found) and concluded this is not in my league.
I'm happy to report it does not disturb my little LAN DNS setup, so if the higher powers are happy with this clean install, I will not object this update is OK'ed.

CC: (none) => herman.viaene

Comment 5 nathan giovannini 2019-07-20 18:21:28 CEST
MGA7-64 After this update I do not notice any issues nor bugs of sorts regarding my Acer Aspire.
As far as I'm concerned this update can be validated

CC: (none) => nathan95

David Walser 2019-07-20 18:29:53 CEST

Whiteboard: (none) => MGA7-32-OK MGA7-64-OK
CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update

Thomas Backlund 2019-07-21 14:04:09 CEST

CC: (none) => tmb
Keywords: (none) => advisory

Comment 6 Mageia Robot 2019-07-21 20:18:36 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0210.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

