Upstream have released a patch to fix CVE-2024-2357:
https://libreswan.org/security/CVE-2024-2357/CVE-2024-2357.txt

Fixed in version 4.13+.

Mageia 9 is also affected.

Status comment: (none) => Fixed upstream in 4.13 and patch available from upsteam
CVE: (none) => CVE-2024-2357
Source RPM: (none) => libreswan-4.12-1.mga10.src.rpm
Whiteboard: (none) => MGA9TOO
You look after this, Stig.
Assignee: bugsquad => smelror
Suggested advisory:
========================

The updated package fixes a security vulnerability:

The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys (authby=secret) and the connection cannot find a matching configured secret. When such a connection is automatically added on startup using the auto= keyword, it can cause repeated crashes leading to a Denial of Service. (CVE-2024-2357)

References:
https://libreswan.org/security/CVE-2024-2357/CVE-2024-2357.txt
========================

Updated package in core/updates_testing:
========================
libreswan-4.14-1.mga9

from SRPM:
libreswan-4.14-1.mga9.src.rpm

Status comment: Fixed upstream in 4.13 and patch available from upsteam => (none)
Whiteboard: MGA9TOO => (none)
Source RPM: libreswan-4.12-1.mga10.src.rpm => libreswan-4.12-1.mga9.src.rpm
Assignee: smelror => qa-bugs
Version: Cauldron => 9
Status: NEW => ASSIGNED
Keywords: (none) => advisory
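The advisory's trigger condition (a loaded `authby=secret` connection with no matching configured secret) can be checked for on a host before the update lands. The following is an added example, not code from this bug report or from the Libreswan project. It assumes single-line PSK entries, does not follow `include`/`also=`, and uses a simplified ID match rather than pluto's real lookup; all function names and sample values are constructed for illustration.

```python
import re

WILDCARDS = {"%any", "%any6", "0.0.0.0", "::"}  # indices treated as "matches any peer"

def parse_conns(conf_text):
    """{conn name: {option: value}} from ipsec.conf text; include= and also= are not followed."""
    conns, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        words = line.split()
        if words and not line[0].isspace():  # section header starts in column 0
            current = conns.setdefault(words[1], {}) if words[0] == "conn" and len(words) == 2 else None
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    return conns

def psk_index_sets(secrets_text):
    """One set of index tokens (IDs or addresses) per single-line PSK entry."""
    lines = [l for l in secrets_text.splitlines() if not l.lstrip().startswith("#")]
    matches = (re.match(r"^(.*?)\s*:\s+PSK\b", l) for l in lines)
    return [set(m.group(1).split()) for m in matches if m]

def psk_conns_without_secret(conf_text, secrets_text):
    """Names of loaded authby=secret conns for which no PSK entry looks usable (heuristic)."""
    entries, flagged = psk_index_sets(secrets_text), []
    for name, opts in parse_conns(conf_text).items():
        psk = "secret" in opts.get("authby", "").split(",")
        if psk and opts.get("auto", "ignore") != "ignore":
            ids = {opts[k] for k in ("left", "right", "leftid", "rightid") if k in opts}
            # An entry is usable if every index it lists is one of this conn's IDs or a wildcard.
            if not any(idx <= ids | WILDCARDS for idx in entries):
                flagged.append(name)
    return sorted(flagged)

# Constructed sample input (documentation addresses, made-up conn names and key).
SAMPLE_CONF = """\
conn site-a
    left=192.0.2.10
    right=198.51.100.20
    authby=secret
    auto=start
conn site-b
    left=192.0.2.10
    right=203.0.113.30
    authby=secret
    auto=add
"""
SAMPLE_SECRETS = '192.0.2.10 198.51.100.20 : PSK "constructed-example-only"\n'
print(psk_conns_without_secret(SAMPLE_CONF, SAMPLE_SECRETS))
```

A flagged connection on a package older than the fixed version is one to correct or unload until the update is installed; an empty result does not show the host is unaffected, since the match here is only an approximation.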
MGA9-64 Plasma Wayland on HP-Pavilion.
No installation issues.
Ref bug 31865 for testing.
Neither installing nor removing libreswan affects my internal networking or access to the internet.
OK for me.

Whiteboard: (none) => MGA9-64-OK
CC: (none) => herman.viaene
Validating.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2024-0113.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED