RedHat has issued an advisory today (May 12):
https://access.redhat.com/errata/RHSA-2020:2070

The issue is fixed upstream in 3.32:
https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt

Mageia 7 is also affected.
Status comment: (none) => Fixed upstream in 3.32
Whiteboard: (none) => MGA7TOO
Updated packages uploaded by Stig-Ørjan.

Advisory:
========================

Updated libreswan packages fix security vulnerability:

An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan. An unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash (CVE-2020-1763).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1763
https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt
https://access.redhat.com/errata/RHSA-2020:2070
========================

Updated packages in core/updates_testing:
========================
libreswan-3.32-1.mga7

from libreswan-3.32-1.mga7.src.rpm
Whiteboard: MGA7TOO => (none)
Version: Cauldron => 7
CC: (none) => smelror
Status comment: Fixed upstream in 3.32 => (none)
Assignee: smelror => qa-bugs
MGA7-64 Plasma on Lenovo B50 No installation issues. Ref to bug 25065 and not noticing any ill effects on this laptop and its access to my LAN, OK'ing.
Whiteboard: (none) => MGA7-64-OK
CC: (none) => herman.viaene
Validating. Advisory in Comment 1.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => tmb
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0215.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED