2808 matches found
RHEL 6 : kernel (RHSA-2015:1199)
Updated kernel packages that fix two security issues and three bugs are now available for Red Hat Enterprise Linux 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...
Important: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix two security issues and three bugs are now available for Red Hat Enterprise Linux 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...
Kernel: crypto: buffer overruns in RFC4106 implementation using AESNI
A buffer overflow flaw was found in the way the Linux kernel's Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker could use this flaw to crash, or potentially escalate their privileges on, a system over a...
Scientific Linux Security Update : libreswan on SL7.x x86_64 (20150623)
A flaw was discovered in the way Libreswan's IKE daemon processed certain IKEv1 payloads. A remote attacker could send specially crafted IKEv1 payloads that, when processed, would lead to a denial of service (daemon crash). (CVE-2015-3204) This update fixes the following bugs: - Previously, the...
libreswan security update
CentOS Errata and Security Advisory CESA-2015:1154 Updated libreswan packages that fix one security issue, several bugs and add two enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common...
RedHat Update for libreswan RHSA-2015:1154-01
The remote host is missing an update for the...
CentOS Update for libreswan CESA-2015:1154 centos7
Check the version of libreswan...
CentOS 7 : libreswan (CESA-2015:1154)
Updated libreswan packages that fix one security issue, several bugs and add two enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a...
RHEL 7 : libreswan (RHSA-2015:1154)
Updated libreswan packages that fix one security issue, several bugs and add two enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a...
Oracle Linux 7 : libreswan (ELSA-2015-1154)
The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2015-1154 advisory. - Resolves: rhbz1226407 CVE-2015-3204 libreswan: crafted IKE packet causes daemon restart Tenable has extracted the preceding description block directly from th...
Moderate: Red Hat Security Advisory: libreswan security, bug fix and enhancement update
Updated libreswan packages that fix one security issue, several bugs and add two enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a...
Cisco ASA AES-GCM Vulnerability (Cisco-SA-20150616-CVE-2015-4550)
Cisco ASA is prone to an encrypted IPSec or IKEv2 modification vulnerability.
CVE-2015-4550
The Cavium cryptographic-module firmware on Cisco Adaptive Security Appliance (ASA) devices with software 9.3(3) and 9.4(1.1) does not verify the AES-GCM Integrity Check Value (ICV) octets, which makes it easier for man-in-the-middle attackers to spoof IPSec and IKEv2 traffic by modifying packet data, ak...
Code injection
The Cavium cryptographic-module firmware on Cisco Adaptive Security Appliance (ASA) devices with software 9.3(3) and 9.4(1.1) does not verify the AES-GCM Integrity Check Value (ICV) octets, which makes it easier for man-in-the-middle attackers to spoof IPSec and IKEv2 traffic by modifying packet data, ak...
CVE-2015-4550
The Cavium cryptographic-module firmware on Cisco Adaptive Security Appliance (ASA) devices with software 9.3(3) and 9.4(1.1) does not verify the AES-GCM Integrity Check Value (ICV) octets, which makes it easier for man-in-the-middle attackers to spoof IPSec and IKEv2 traffic by modifying packet data, ak...
CVE-2015-4550
CVE-2015-4550 affects Cisco ASA devices running ASA software 9.3(3) and 9.4(1.1), where the Cavium cryptographic-module firmware fails to verify AES-GCM ICV octets. This enables a remote attacker to perform a man-in-the-middle modification of IPSec/IKEv2 traffic without detection, effectively spo...
Cisco Adaptive Security Appliance Encrypted IPSec or IKEv2 Packet Modification Vulnerability
A vulnerability in the AES-GCM code of Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to modify the contents of an encrypted IPSec or IKEv2 packet, and for those modifications not to be detected. The vulnerability is due to an error on the firmware of the...
Debian DLA-244-1 : strongswan security update
Alexander E. Patrakov discovered an issue in strongSwan, an IKE/IPsec suite used to establish IPsec protected links. When a client authenticates the server with certificates and the client authenticates using pre-shared key or EAP, the constraints on the server certificate are only enforced by the...
[SECURITY] Fedora 20 Update: libreswan-3.13-1.fc20
Libreswan is a free implementation of IPsec & IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the...
CVE-2015-0771
The IKE implementation in the WS-IPSEC-3 service module in Cisco IOS 12.2 on Catalyst 6500 devices allows remote authenticated users to cause a denial of service (device reload) by sending a crafted message during IPsec tunnel setup, aka Bug ID CSCur70505...