Multiple vulnerabilities in the pluto IKE daemon of Openswan might allow remote attackers to cause a Denial of Service.
|Package||net-misc/openswan on all architectures|
|Affected versions||< 2.4.15|
|Unaffected versions||>= 2.4.15|
Openswan is an implementation of IPsec for Linux.
Multiple vulnerabilities have been discovered in Openswan:
A remote attacker could exploit these vulnerabilities by sending specially crafted R_U_THERE or R_U_THERE_ACK packets, or a specially crafted X.509 certificate containing a malicious Relative Distinguished Name (RDN), UTCTIME string or GENERALIZEDTIME string to cause a Denial of Service of the pluto IKE daemon.
There is no known workaround at this time.
All Openswan users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/openswan-2.4.15"