18 matches found
Alibaba Cloud Linux 3 : 0216: libreswan (ALINUX3-SA-2022:0216)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2022:0216 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-23094: Libreswan 4.2 through 4.5 allows...
Rocky Linux 8 : libreswan (RLSA-2022:0199)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:0199 advisory. - Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a crafted IKEv1 packet because...
OESA-2022-1738 libreswan security update
Libreswan is an implementation of IKEv1 and IKEv2 for IPsec. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the...
AlmaLinux 8 : libreswan (ALSA-2022:0199)
The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2022:0199 advisory. - Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a crafted IKEv1 packet because...
Mageia: Security Advisory (MGASA-2022-0030)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated libreswan packages fix security vulnerability
Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. CVE-2022-23094...
MGASA-2022-0030 Updated libreswan packages fix security vulnerability
Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. CVE-2022-23094...
RHEL 8 : libreswan (RHSA-2022:0239)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:0239 advisory. Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both...
Important: Red Hat Security Advisory: libreswan security update
An update for libreswan is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...
RHEL 8 : libreswan (RHSA-2022:0199)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:0199 advisory. Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both...
Oracle Linux 8 : libreswan (ELSA-2022-0199)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2022-0199 advisory. 4.4-4.0.1 - Add libreswan-oracle.patch to detect Oracle Linux distro 4.4-4 - Resolves: rhbz2036902 rebuild to enable rpminspect 4.4-3 - Resolves: rhbz2036902: f...
Important: Red Hat Security Advisory: libreswan security update
An update for libreswan is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
ALSA-2022:0199 Important: libreswan security update
Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network VPN...
RLSA-2022:0199 Important: libreswan security update
Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network VPN...
Important: libreswan security update
Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network VPN...
Debian DSA-5048-1 : libreswan - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dsa-5048 advisory. It was discovered that the libreswan IPsec implementation could be forced into a crash/restart via a malformed IKEv1 packet, resulting in denial of service. For the stable...
[SECURITY] [DSA 5048-1] libreswan security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5048-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 15, 2022 https://www.debian.org/security/faq -...
CVE-2022-23094
Summary (CVE-2022-23094) Libreswan versions 4.2–4.5 are affected by a denial-of-service issue triggered by a malformed IKEv1 packet, caused by pluto/ikev1.c assuming a state object exists. This can lead to a NULL pointer dereference and daemon crash. The issue is fixed in version 4.6. Impact and ...