openswan (SL5, SL6)

By Scientific Linux Team on February 18, 2014

Synopsis: Moderate: openswan security update
Advisory ID: SLSA-2014:0185-1
Issue Date: 2014-02-18
CVE Numbers: CVE-2013-6466

A NULL pointer dereference flaw was discovered in the way Openswan’s IKE
daemon processed IKEv2 payloads. A remote attacker could send specially
crafted IKEv2 payloads that, when processed, would lead to a denial of
service (daemon crash), possibly causing existing VPN connections to be
dropped. (CVE-2013-6466)

SL5
x86_64
openswan-2.6.32-7.3.el5_10.x86_64.rpm
openswan-debuginfo-2.6.32-7.3.el5_10.x86_64.rpm
openswan-doc-2.6.32-7.3.el5_10.x86_64.rpm
i386
openswan-2.6.32-7.3.el5_10.i386.rpm
openswan-debuginfo-2.6.32-7.3.el5_10.i386.rpm
openswan-doc-2.6.32-7.3.el5_10.i386.rpm
SL6
x86_64
openswan-2.6.32-27.2.el6_5.x86_64.rpm
openswan-debuginfo-2.6.32-27.2.el6_5.x86_64.rpm
openswan-doc-2.6.32-27.2.el6_5.x86_64.rpm
i386
openswan-2.6.32-27.2.el6_5.i686.rpm
openswan-debuginfo-2.6.32-27.2.el6_5.i686.rpm
openswan-doc-2.6.32-27.2.el6_5.i686.rpm

– Scientific Linux Development Team