===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2020.1684
libreswan security update
14 May 2020
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           libreswan
Publisher:         Debian
Operating System:  Debian GNU/Linux 10
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-1763
Reference:         ESB-2020.1665

Original Bulletin:
   http://www.debian.org/security/2020/dsa-4684

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-4684-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 13, 2020                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : libreswan
CVE ID         : CVE-2020-1763
Debian Bug     : 960458

Stephan Zeisberg discovered that the libreswan IPsec implementation could
be forced into a crash/restart via a malformed IKEv1 Informational Exchange
packet, resulting in denial of service.

For the stable distribution (buster), this problem has been fixed in
version 3.27-6+deb10u1.

We recommend that you upgrade your libreswan packages.

For the detailed security status of libreswan please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/libreswan

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members.
As AusCERT did not write the document quoted above, AusCERT has had no
control over its content. The decision to follow or act on information or
advice contained in this security bulletin is the responsibility of each
user or organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting
on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.