Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2014:0185
HistoryFeb 18, 2014 - 7:52 p.m.

openswan security update

2014-02-1819:52:25
CentOS Project
lists.centos.org
42

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.024 Low

EPSS

Percentile

89.7%

JSON

CentOS Errata and Security Advisory CESA-2014:0185

Openswan is a free implementation of Internet Protocol Security (IPsec) and
Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both
authentication and encryption services. These services allow you to build
secure tunnels through untrusted networks.

A NULL pointer dereference flaw was discovered in the way Openswan’s IKE
daemon processed IKEv2 payloads. A remote attacker could send specially
crafted IKEv2 payloads that, when processed, would lead to a denial of
service (daemon crash), possibly causing existing VPN connections to be
dropped. (CVE-2013-6466)

All openswan users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2014-February/082323.html
https://lists.centos.org/pipermail/centos-announce/2014-February/082324.html

Affected packages:
openswan
openswan-doc

Upstream details at:
https://access.redhat.com/errata/RHSA-2014:0185

Related

openvas 12
amazon 1
nessus 7
gentoo 1
mageia 1
cve 1
oraclelinux 1
redhat 1
prion 1
ics 1
seebug 1
securityvulns 2
ubuntucve 2
debian 1
osv 1
openvas
openvas
CentOS Update for openswan CESA-2014:0185 centos5
2014-02-20 00:00:00
RedHat Update for openswan RHSA-2014:0185-01
2014-02-20 00:00:00
CentOS Update for openswan CESA-2014:0185 centos5
2014-02-20 00:00:00
amazon
amazon
Medium: openswan
2014-03-10 09:40:00
nessus
nessus
CentOS 5 / 6 : openswan (CESA-2014:0185)
2014-02-19 00:00:00
GLSA-201411-07 : Openswan: Denial of Service
2014-11-24 00:00:00
Scientific Linux Security Update : openswan on SL5.x, SL6.x i386/x86_64 (20140218)
2014-02-19 00:00:00
gentoo
gentoo
Openswan: Denial of service
2014-11-23 00:00:00
mageia
mageia
Updated openswan packages fix CVE-2013-6466
2014-02-26 01:39:07
cve
cve
CVE-2013-6466
2014-01-26 20:55:00
oraclelinux
oraclelinux
openswan security update
2014-02-18 00:00:00
redhat
redhat
(RHSA-2014:0185) Moderate: openswan security update
2014-02-18 00:00:00
prion
prion
Null pointer dereference
2014-01-26 20:55:00
ics
ics
PHOENIX CONTACT, Innominate Security Technologies mGuard Firmware
2017-09-07 12:00:00
seebug
seebug
Openswan IKEv2θ΄Ÿθ½½θΏœη¨‹ζ‹’η»ζœεŠ‘ζΌζ΄ž
2014-02-20 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 2893-1] openswan security update
2014-04-07 00:00:00
Openswan / Strongswan security vulnerabilities
2014-05-07 00:00:00
ubuntucve
ubuntucve
CVE-2014-2037
2014-11-26 00:00:00
CVE-2013-6466
2014-01-26 00:00:00
debian
debian
[SECURITY] [DSA 2893-1] openswan security update
2014-03-31 20:01:56
osv
osv
openswan - security update
2014-03-31 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.024 Low

EPSS

Percentile

89.7%

JSON
Related for CESA-2014:0185
openvas12amazon1nessus7gentoo1mageia1cve1oraclelinux1redhat1prion1ics1seebug1securityvulns2ubuntucve2debian1osv1