ipsec security update

2007-05-20T02:22:03
ID CESA-2007:0342
Type centos
Reporter CentOS Project
Modified 2007-05-20T02:22:03

Description

CentOS Errata and Security Advisory CESA-2007:0342

The ipsec-tools package is used in conjunction with the IPsec functionality in the linux kernel and includes racoon, an IKEv1 keying daemon.

A denial of service flaw was found in the ipsec-tools racoon daemon. It was possible for a remote attacker, with knowledge of an existing ipsec tunnel, to terminate the ipsec connection between two machines. (CVE-2007-1841)

Users of ipsec-tools should upgrade to these updated packages, which contain a backported patch that resolves this issue.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2007-May/013804.html http://lists.centos.org/pipermail/centos-announce/2007-May/013805.html

Affected packages: ipsec-tools

Upstream details at: https://rhn.redhat.com/errata/RHSA-2007-0342.html