Lucene search
AmazonALAS-2011-018HistoryNov 09, 2011 - 9:34 p.m.
Medium: openswan
2011-11-0921:34:00
alas.aws.amazon.com
7
0.01 Low
EPSS
Percentile
83.7%
Issue Overview:
A use-after-free flaw was found in the way Openswan’s pluto IKE daemon used cryptographic helpers. A remote, authenticated attacker could send a specially-crafted IKE packet that would crash the pluto daemon. This issue only affected SMP (symmetric multiprocessing) systems that have the cryptographic helpers enabled.
Affected Packages:
openswan
Issue Correction:
Run yum update openswan to update your system.
New Packages:
i686:
openswan-2.6.37-2.15.amzn1.i686
openswan-doc-2.6.37-2.15.amzn1.i686
openswan-debuginfo-2.6.37-2.15.amzn1.i686
src:
openswan-2.6.37-2.15.amzn1.src
x86_64:
openswan-2.6.37-2.15.amzn1.x86_64
openswan-doc-2.6.37-2.15.amzn1.x86_64
openswan-debuginfo-2.6.37-2.15.amzn1.x86_64
Additional References
Red Hat: CVE-2011-4073
Mitre: CVE-2011-4073
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | openswan | < 2.6.37-2.15.amzn1 | openswan-2.6.37-2.15.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | openswan-doc | < 2.6.37-2.15.amzn1 | openswan-doc-2.6.37-2.15.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | openswan-debuginfo | < 2.6.37-2.15.amzn1 | openswan-debuginfo-2.6.37-2.15.amzn1.i686.rpm |
| Amazon Linux | 1 | x86_64 | openswan | < 2.6.37-2.15.amzn1 | openswan-2.6.37-2.15.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | openswan-doc | < 2.6.37-2.15.amzn1 | openswan-doc-2.6.37-2.15.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | openswan-debuginfo | < 2.6.37-2.15.amzn1 | openswan-debuginfo-2.6.37-2.15.amzn1.x86_64.rpm |
Related
securityvulns
securityvulns
OpenSWAN use-after-free
2012-01-09 00:00:00
CVE-2011-4073 Openswan crypto helper crasher
2012-01-09 00:00:00
openvas
openvas
Fedora Update for openswan FEDORA-2011-15077
2011-12-12 00:00:00
CentOS Update for openswan CESA-2011:1422 centos5 i386
2011-11-03 00:00:00
Debian Security Advisory DSA 2374-1 (openswan)
2012-02-11 00:00:00
nessus
nessus
RHEL 5 / 6 : openswan (RHSA-2011:1422)
2011-11-03 00:00:00
SuSE 10 Security Update : openswan (ZYPP Patch Number 7836)
2011-12-13 00:00:00
Amazon Linux AMI : openswan (ALAS-2011-18)
2013-09-04 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 01:03:19
osv
osv
openswan - implementation error
2011-12-26 00:00:00
oraclelinux
oraclelinux
openswan security update
2011-11-02 00:00:00
prion
prion
Design/Logic Flaw
2011-11-17 19:55:00
centos
centos
openswan security update
2011-11-03 03:50:42
ubuntucve
ubuntucve
CVE-2011-4073
2011-11-17 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: openswan-2.6.37-1.fc16
2011-12-10 19:48:36
[SECURITY] Fedora 14 Update: openswan-2.6.33-3.fc14
2011-12-10 19:50:44
[SECURITY] Fedora 15 Update: openswan-2.6.37-1.fc15
2011-12-10 19:56:46
redhat
redhat
(RHSA-2011:1422) Moderate: openswan security update
2011-11-02 00:00:00
debian
debian
[SECURITY] [DSA 2374-1] openswan security update
2011-12-26 12:48:11
[BSA-061] Security Update for openswan
2012-01-02 20:07:53
[BSA-061] Security Update for openswan
2012-01-17 09:00:02
cvelist
cvelist
CVE-2011-4073
2011-11-17 19:00:00
cve
cve
CVE-2011-4073
2011-11-17 19:55:00
gentoo
gentoo
Openswan: Denial of service
2012-03-16 00:00:00