Advisories » MGASA-2024-0138

Updated libreswan packages fix security vulnerability

Publication date: 19 Apr 2024
Modification date: 19 Apr 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-3652

Description

CVE-2024-3652: The Libreswan Project was notified of an issue causing
libreswan to restart when using IKEv1 without specifying an esp= line.
When the peer requests AES-GMAC, libreswan's default proposal handler
causes an assertion failure and crashes and restarts. IKEv2 connections
are not affected.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33105
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3652

SRPMS

9/core

• libreswan-4.15-1.mga9