An update for libreswan is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-1565 Final 1.0 1.0 2024-05-10 Initial 2024-05-10 2024-05-10 openEuler SA Tool V1.0 2024-05-10 libreswan security update An update for libreswan is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3. Libreswan is an implementation of IKEv1 and IKEv2 for IPsec. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted net is encrypted by the ipsec gateway machine and decrypted by the gateway at the other end of the tunnel. The resulting tunnel is a virtual private network or VPN. Security Fix(es): The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected.(CVE-2024-3652) An update for libreswan is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3. openEuler Security has rated this update as having a security impact of low. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Low libreswan https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1565 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-3652 https://nvd.nist.gov/vuln/detail/CVE-2024-3652 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS openEuler-22.03-LTS-SP1 openEuler-22.03-LTS-SP2 openEuler-22.03-LTS-SP3 libreswan-4.15-1.oe1.aarch64.rpm libreswan-help-4.15-1.oe1.aarch64.rpm libreswan-debugsource-4.15-1.oe1.aarch64.rpm libreswan-debuginfo-4.15-1.oe1.aarch64.rpm libreswan-help-4.15-1.oe2003sp4.aarch64.rpm libreswan-debugsource-4.15-1.oe2003sp4.aarch64.rpm libreswan-debuginfo-4.15-1.oe2003sp4.aarch64.rpm libreswan-4.15-1.oe2003sp4.aarch64.rpm libreswan-debuginfo-4.15-1.oe2203.aarch64.rpm libreswan-debugsource-4.15-1.oe2203.aarch64.rpm libreswan-4.15-1.oe2203.aarch64.rpm libreswan-help-4.15-1.oe2203.aarch64.rpm libreswan-4.15-1.oe2203sp1.aarch64.rpm libreswan-debuginfo-4.15-1.oe2203sp1.aarch64.rpm libreswan-debugsource-4.15-1.oe2203sp1.aarch64.rpm libreswan-help-4.15-1.oe2203sp1.aarch64.rpm libreswan-debuginfo-4.15-1.oe2203sp2.aarch64.rpm libreswan-debugsource-4.15-1.oe2203sp2.aarch64.rpm libreswan-help-4.15-1.oe2203sp2.aarch64.rpm libreswan-4.15-1.oe2203sp2.aarch64.rpm libreswan-debugsource-4.15-1.oe2203sp3.aarch64.rpm libreswan-debuginfo-4.15-1.oe2203sp3.aarch64.rpm libreswan-help-4.15-1.oe2203sp3.aarch64.rpm libreswan-4.15-1.oe2203sp3.aarch64.rpm libreswan-4.15-1.oe1.src.rpm libreswan-4.15-1.oe2003sp4.src.rpm libreswan-4.15-1.oe2203.src.rpm libreswan-4.15-1.oe2203sp1.src.rpm libreswan-4.15-1.oe2203sp2.src.rpm libreswan-4.15-1.oe2203sp3.src.rpm libreswan-help-4.15-1.oe1.x86_64.rpm libreswan-debugsource-4.15-1.oe1.x86_64.rpm libreswan-debuginfo-4.15-1.oe1.x86_64.rpm libreswan-4.15-1.oe1.x86_64.rpm libreswan-4.15-1.oe2003sp4.x86_64.rpm libreswan-debugsource-4.15-1.oe2003sp4.x86_64.rpm libreswan-debuginfo-4.15-1.oe2003sp4.x86_64.rpm libreswan-help-4.15-1.oe2003sp4.x86_64.rpm libreswan-4.15-1.oe2203.x86_64.rpm libreswan-debuginfo-4.15-1.oe2203.x86_64.rpm libreswan-debugsource-4.15-1.oe2203.x86_64.rpm libreswan-help-4.15-1.oe2203.x86_64.rpm libreswan-help-4.15-1.oe2203sp1.x86_64.rpm libreswan-debugsource-4.15-1.oe2203sp1.x86_64.rpm libreswan-debuginfo-4.15-1.oe2203sp1.x86_64.rpm libreswan-4.15-1.oe2203sp1.x86_64.rpm libreswan-debuginfo-4.15-1.oe2203sp2.x86_64.rpm libreswan-debugsource-4.15-1.oe2203sp2.x86_64.rpm libreswan-4.15-1.oe2203sp2.x86_64.rpm libreswan-help-4.15-1.oe2203sp2.x86_64.rpm libreswan-4.15-1.oe2203sp3.x86_64.rpm libreswan-debugsource-4.15-1.oe2203sp3.x86_64.rpm libreswan-debuginfo-4.15-1.oe2203sp3.x86_64.rpm libreswan-help-4.15-1.oe2203sp3.x86_64.rpm The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan s default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected. 2024-05-10 CVE-2024-3652 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS openEuler-22.03-LTS-SP1 openEuler-22.03-LTS-SP2 openEuler-22.03-LTS-SP3 Low 3.5 AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L libreswan security update 2024-05-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1565