Advisories » MGASA-2014-0097

Updated openswan packages fix CVE-2013-6466

Publication date: 25 Feb 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2013-6466

Description

Updated openswan packages fix security vulnerability:

A NULL pointer dereference flaw was discovered in the way Openswan's IKE
daemon processed IKEv2 payloads. A remote attacker could send specially
crafted IKEv2 payloads that, when processed, would lead to a denial of
service (daemon crash), possibly causing existing VPN connections to be
dropped (CVE-2013-6466).
                

References

• https://rhn.redhat.com/errata/RHSA-2014-0185.html
• https://bugs.mageia.org/show_bug.cgi?id=12823
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6466

SRPMS

3/core

• openswan-2.6.28-5.1.mga3

4/core

• openswan-2.6.39-3.1.mga4