Upstream have released a patch to fix CVE-2023-30570
Fixed in version 4.11. Cauldron updated.
Fixed upstream in version 4.11
RedHat has issued an advisory for this today (May 4):
Fedora has issued an advisory for this on May 12:
New security fixes in version 4.12
* SECURITY IKEv2: Fixes https://libreswan.org/security/CVE-2023-38710
* SECURITY IKEv1: Fixes https://libreswan.org/security/CVE-2023-38711
* SECURITY IKEv1: Fixes https://libreswan.org/security/CVE-2023-38712
Fixed upstream in version 4.11 => Fixed upstream in version 4.12
Summary: libreswan new security issue - CVE-2023-30570 => libreswan new security issue - CVE-2023-30570,CVE-2023-38710,CVE-2023-38711,CVE-2023-38712
updating to 4.12 in mga8 will break at least networkmanager-l2tp
(it's already broken in mga9 with 4.11)
so bug 32211 needs to be validated before this can be pushed...