Advisories ยป MGASA-2014-0097

Updated openswan packages fix CVE-2013-6466

Publication date: 25 Feb 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2013-6466

Description

Updated openswan packages fix security vulnerability:

A NULL pointer dereference flaw was discovered in the way Openswan's IKE
daemon processed IKEv2 payloads. A remote attacker could send specially
crafted IKEv2 payloads that, when processed, would lead to a denial of
service (daemon crash), possibly causing existing VPN connections to be
dropped (CVE-2013-6466).
                

References

SRPMS

4/core

3/core