Openswan: Denial of Service — GLSA 201411-07

A NULL pointer dereference in Openswan may allow remote attackers to cause Denial of Service.

Affected Packages

net-misc/openswan on all architectures
Affected versions <= 2.6.39-r1
Unaffected versions

Background

Openswan is an implementation of IPsec for Linux.

Description

A NULL pointer dereference has been found in Openswan.

Impact

A remote attacker could create a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

Gentoo has discontinued support for Openswan. We recommend that users unmerge Openswan:

 # emerge --unmerge "net-misc/openswan"
 

NOTE: The Gentoo developer(s) maintaining Openswan have discontinued support at this time. It may be possible that a new Gentoo developer will update Openswan at a later date. Alternative packages such as Libreswan and strongSwan are currently available in Gentoo Portage.

References

Release Date
November 23, 2014

Latest Revision
November 23, 2014: 1

Severity
normal

Exploitable
remote

Bugzilla entries