[Announce] Openswan 2.6.29 released to address CVE-2010-3302 / CVE-2010-3308
Paul Wouters
paul at xelerance.com
Mon Sep 27 13:36:47 EDT 2010
Xelerance has released openswan 2.6.29

http://www.openswan.org/download/openswan-2.6.29.tar.gz
http://www.openswan.org/download/openswan-2.6.29.tar.gz.asc

This is an important security release that addresses two issues, for
which we have been assigned the following CVEs:

CVE-2010-3308: Openswan cisco banner option handling vulnerability
CVE-2010-3302: Openswan cisco DNS option handling vulnerability

ExecSum: openswan 2.6.25 up to 2.6.28 as client authenticated to
a malicious XAUTH server when used with remote_peer_type=cisco is
vulnerable to two buffer overflows and shell command injection.

CVE listings should appear shortly at:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3308
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3302

Local copies can be obtained at the URLs below. These URLs also
contain patches that address these issues for those that cannot
upgrade to 2.6.29.

http://www.openswan.org/security/CVE-2010-3308.php
http://www.openswan.org/security/CVE-2010-3302.php

The full changeset for this release follows below. Notably, this release
includes the "L2TP cannot reconnect when using NETKEY" bugfix as well.
v2.6.29 (September 27, 2010)
! This release is made for CVE-2010-3302 and CVE-2010-3308
* XAUTH: Avoid buffer overflow in CISCO DNS info [dhr/paul]
  Avoid shell problems with single quotes CISCO DNS parameters [dhr/paul]
  http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-3302
* XAUTH: Avoid buffer overflow in CISCO BANNER [dhr/paul]
  Avoid shell problems with single quotes in CISCO parameters [dhr/paul]
  http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-3308
* NETKEY: Fix for spurious %hold netlink-acquires [Paul/dhr]
* KLIPS: Fix compiling on 2.6.18 based RHEL5 kernels [Paul]
* Various fixes based on automated source code review [dhr]
* SAREF: Updated for 2.6.35 kernel [Harald]
* KLIPS: Updated for 2.6.35 kernel [Harald]
* PACKAGING Use Epoch 1: for Debian/Ubuntu [Simon]
* MAST: fix iptables rule "leak" on rekey [Bart]
* MAST: use only the most recent iptables rule [Bart]
* pluto: restrict rekeymargin to be smaller than salifetime [Bart]
* MAST: ensure we don't end up with mtu=0 on mast0 [Bart/Paul]
* MAST: enforce outgoing tunnel policy [Bart]
* MAST: use addflow pfkey command to set policy on tunnel SAs [Bart]
* Added a new pfkey flag, POLICYONLY, to the ADDFLOW command [Bart]
* MAST: allow for setting of policy for inbound SAs [Bart]
* MAST: favour deleting an SA even if the pfkey op failed [Bart]
* HAVESTATSD: Log new phase2 messages as a result of a rekey [Paul]
* MAST: use iptables --comment to show the conn name [Bart]
* VNET: differentiate instantiation of road warriors and vnet [Paul]
* Log LEAK_DETECTIVE and HAVE_LIBNSS support on startup [Paul]
* [IKEv2] connections were broken since 2.6.25 [Avesh]
* MAST: new "ipsec policy" command replaces "ipsec eroute" [Bart]
* Fix SElinux warning in realsetup (bz628879) [Avesh]
* Support for SHA2_256 in IKEv2 (bz621790) [Avesh]
* IKEv2: Fix for using MD5 and PRF conversion function [Avesh]
* SAREF: Improved workaround for rp_filter [Bart]
* NSS: Increase minimum nss for rhbz#453577 [Paul]
  (this allows us to revert workaround in git 6c8ff2791d1)
* SAREF: Added /proc/net/ipsec/saref that shows kernel patch state [Bart]
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: CVE-2010-3302.txt
URL: <http://lists.openswan.org/pipermail/announce/attachments/20100927/5f828510/attachment-0004.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: CVE-2010-3308.txt
URL: <http://lists.openswan.org/pipermail/announce/attachments/20100927/5f828510/attachment-0005.txt>
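Added example, not part of the original announcement and not Openswan's code or the patches linked above: a generic C sketch of the two defences the changelog names for server-supplied XAUTH values, a bounds-checked append into a fixed buffer and single-quote-safe shell quoting. The function names, buffer sizes and sample values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: append one server-supplied DNS address to a
 * space-separated list; returns -1 and leaves the list unchanged if full. */
int dns_list_append(char *list, size_t cap, const char *addr)
{
    size_t used = strlen(list), len = strlen(addr);
    size_t need = len + (used ? 1 : 0);          /* separator + address */
    if (used >= cap || need > cap - 1 - used)    /* keep room for the NUL */
        return -1;
    if (used)
        list[used++] = ' ';
    memcpy(list + used, addr, len + 1);
    return 0;
}

/* Hypothetical helper: emit a length-delimited untrusted value as one
 * single-quoted shell word; each ' becomes '\'' so it cannot end the quoting.
 * Returns bytes written (without NUL), or -1 on overflow or embedded NUL. */
int shell_single_quote(char *out, size_t cap, const char *in, size_t inlen)
{
    size_t o = 0;
    if (cap < 3)
        return -1;
    out[o++] = '\'';
    for (size_t i = 0; i < inlen; i++) {
        size_t n = (in[i] == '\'') ? 4 : 1;
        if (in[i] == '\0' || o + n + 2 > cap)    /* +2: closing ' and NUL */
            return -1;
        if (n == 4)
            memcpy(out + o, "'\\''", 4);
        else
            out[o] = in[i];
        o += n;
    }
    out[o++] = '\'';
    out[o] = '\0';
    return (int)o;
}

int main(void)
{
    char q[64];
    const char banner[] = "O'Brien lab gateway";  /* constructed sample */
    if (shell_single_quote(q, sizeof q, banner, sizeof banner - 1) > 0)
        puts(q);
    return 0;
}
```

Both helpers fail closed: a value that does not fit is rejected whole instead of being truncated or written past the end of the buffer.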