[SECURITY] Fedora Core 4 Update: openswan-2.4.4-1.0.FC4.1

Harald Hoyer harald at redhat.com
Mon Nov 21 17:36:46 UTC 2005

Fedora Update Notification

Product     : Fedora Core 4
Name        : openswan
Version     : 2.4.4                      
Release     : 1.0.FC4.1                  
Summary     : Openswan IPSEC implementation
Description :

Openswan is a free implementation of IPSEC & IKE for Linux.  IPSEC is
the Internet Protocol Security and uses strong cryptography to provide
both authentication and encryption services.  These services allow you
to build secure tunnels through untrusted networks.  Everything passing
through the untrusted net is encrypted by the ipsec gateway machine and
decrypted by the gateway at the other end of the tunnel.  The resulting
tunnel is a virtual private network or VPN.

This package contains the daemons and userland tools for setting up
Openswan on a freeswan enabled kernel.

Update Information:

NISCC has reported two Denial of Service issues in Openswan.
The first involves a specially crafted 3DES packet with an
invalid key length.

The Openswan project has relased version 2.4.4 to fix both

See http://www.openswan.org/ for details.
* Mon Nov 21 2005 Harald Hoyer <harald at redhat.com> - 2.4.4-1.0.FC4.1
- version 2.4.4
- fixes NISCC Vulnerability Advisory 273756/NISCC/ISAKMP
- fixes NISCC Advisory 3756/NISCC/ISAKMP

* Wed Nov  2 2005 Harald Hoyer <harald at redhat.com> - 2.4.2-0.dr5.1
- version 2.4.2dr5

* Tue Oct 25 2005 Harald Hoyer <harald at redhat.com> - 2.4.2-0.dr1.1
- version 2.4.2dr1

* Tue Sep 13 2005 Harald Hoyer <harald at redhat.com> - 2.4.0-1
- version 2.4.0

* Wed Aug 31 2005 Harald Hoyer <harald at redhat.com> - 2.4.0-0.rc4.1
- new version

* Sun Jul 31 2005 Florian La Roche <laroche at redhat.com>
- remove sysv startup links to build with current rpm

* Thu May 12 2005 Harald Hoyer <harald at redhat.com> - 2.3.1-3
- added openswan-2.3.1-nat_t_aggr.patch
- added openswan-2.3.1-iproute2.patch
- added openswan-2.3.1-cisco.patch
- NAT-T/XAUTH/AGGR-MODE is now possible with a Cisco VPN 3000

This update can be downloaded from:

fe9bc3fa5ef955e12050a4e19fc2b9b6  SRPMS/openswan-2.4.4-1.0.FC4.1.src.rpm
8d46760e08073c0932fff34d4fe8da06  ppc/openswan-2.4.4-1.0.FC4.1.ppc.rpm
acc08c24adbc56dacbaa2f6313216bdd  ppc/openswan-doc-2.4.4-1.0.FC4.1.ppc.rpm
57b16a581d23a636785cd592ba84bcdf  x86_64/openswan-2.4.4-1.0.FC4.1.x86_64.rpm
e970d54a13742f49fe99862f8b286efe  x86_64/openswan-doc-2.4.4-1.0.FC4.1.x86_64.rpm
ccf4eef51f820f89baa9f18a3a3ff15f  i386/openswan-2.4.4-1.0.FC4.1.i386.rpm
4f952b746ab8d9bc95cb2e830f1313d2  i386/openswan-doc-2.4.4-1.0.FC4.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  

More information about the fedora-announce-list mailing list