-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.1684
                         libreswan security update
                                14 May 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libreswan
Publisher:         Debian
Operating System:  Debian GNU/Linux 10
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-1763  

Reference:         ESB-2020.1665

Original Bulletin: 
   http://www.debian.org/security/2020/dsa-4684

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4684-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 13, 2020                          https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : libreswan
CVE ID         : CVE-2020-1763
Debian Bug     : 960458

Stephan Zeisberg discovered that the libreswan IPsec implementation
could be forced into a crash/restart via a malformed IKEv1 Informational
Exchange packet, resulting in denial of service.

For the stable distribution (buster), this problem has been fixed in
version 3.27-6+deb10u1.

We recommend that you upgrade your libreswan packages.

For the detailed security status of libreswan please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/libreswan

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================