The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan’s default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | libreswan | <= 4.10-2+deb12u1 | libreswan_4.10-2+deb12u1_all.deb |
Debian | 11 | all | libreswan | <= 4.3-1+deb11u4 | libreswan_4.3-1+deb11u4_all.deb |
Debian | 10 | all | libreswan | <= 3.27-6+deb10u1 | libreswan_3.27-6+deb10u1_all.deb |
Debian | 999 | all | libreswan | <= 4.14-1 | libreswan_4.14-1_all.deb |
Debian | 13 | all | libreswan | <= 4.14-1 | libreswan_4.14-1_all.deb |