libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart).
bugzilla.redhat.com/show_bug.cgi?id=1356183
libreswan.org/security/CVE-2016-5391/CVE-2016-5391.txt
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65R6OA5AY7K2UBQUDOLOS5Y3SCULQI6I/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKMS7R4TG6LTAGEBOWVUXF6LAWQXLNXV/