The libreswan team have released version 4.15 to fix CVE-2024-3652. https://github.com/advisories/GHSA-395v-96gv-76w3
Cauldron updated
CVE: (none) => CVE-2024-3652
Advisory
========

libreswan has been updated to version 4.15 to fix CVE-2024-3652.

CVE-2024-3652: The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected.

References
==========

https://github.com/advisories/GHSA-395v-96gv-76w3
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3652

Files
=====

Uploaded to core/updates_testing

libreswan-4.15-1.mga9

from libreswan-4.15-1.mga9.src.rpm
Assignee: smelror => qa-bugs
Keywords: (none) => advisory
RH mageia 9 x86_64

LC_ALL=C urpmi libreswan
To satisfy dependencies, the following packages are going to be installed:
  Package                        Version      Release       Arch
(medium "Core Release (distrib1)")
  lib64ldns3                     1.8.3        1.mga9        x86_64
(medium "Core Updates (distrib3)")
  libreswan                      4.14         1.mga9        x86_64
4.8MB of additional disk space will be used.
1.3MB of packages will be retrieved.
Proceed with the installation of the 2 packages? (Y/n) y

    https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/lib64ldns3-1.8.3-1.mga9.x86_64.rpm
    https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/updates/libreswan-4.14-1.mga9.x86_64.rpm
installing libreswan-4.14-1.mga9.x86_64.rpm lib64ldns3-1.8.3-1.mga9.x86_64.rpm from /var/cache/urpmi/rpms
Preparing...
##################################################################################################
      1/2: lib64ldns3
##################################################################################################
      2/2: libreswan
##################################################################################################

LC_ALL=C urpmi --auto --auto-update
medium "QA Testing (32-bit)" is up-to-date
medium "QA Testing (64-bit)" is up-to-date
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
medium "Core 32bit Release (distrib31)" is up-to-date
medium "Core 32bit Updates (distrib32)" is up-to-date
medium "Nonfree 32bit Release (distrib36)" is up-to-date
medium "Tainted 32bit Release (distrib41)" is up-to-date
medium "Tainted 32bit Updates (distrib42)" is up-to-date

installing libreswan-4.15-1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing...
##################################################################################################
      1/1: libreswan
##################################################################################################
      1/1: removing libreswan-4.14-1.mga9.x86_64
##################################################################################################

urpmq --whatrequires-recursive libreswan
libreswan
libreswan

LC_ALL=C urpme libreswan
removing libreswan-4.15-1.mga9.x86_64
removing package libreswan-4.15-1.mga9.x86_64
      1/1: removing libreswan-4.15-1.mga9.x86_64
##################################################################################################
CC: (none) => andrewsfarm
This is a little complex/time-consuming to test, so giving OK.
Whiteboard: (none) => MGA9-64-OK
Previous updates were validated essentially after a clean install that didn't appear to do any harm. Validating.
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0138.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED