Updated openswan packages fix CVE-2013-6466
Publication date: 25 Feb 2014Modification date: 25 Feb 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2013-6466
Description
Updated openswan packages fix security vulnerability: A NULL pointer dereference flaw was discovered in the way Openswan's IKE daemon processed IKEv2 payloads. A remote attacker could send specially crafted IKEv2 payloads that, when processed, would lead to a denial of service (daemon crash), possibly causing existing VPN connections to be dropped (CVE-2013-6466).
References
SRPMS
3/core
- openswan-2.6.28-5.1.mga3
4/core
- openswan-2.6.39-3.1.mga4