Updated libreswan packages fix security vulnerabilities
Publication date: 06 Apr 2024Modification date: 06 Apr 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-2357
Description
The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys (authby=secret) and the connection cannot find a matching configured secret. When such a connection is automatically added on startup using the auto= keyword, it can cause repeated crashes leading to a Denial of Service. (CVE-2024-2357)
References
SRPMS
9/core
- libreswan-4.14-1.mga9