[El-errata] ELSA-2016-2603 Moderate: Oracle Linux 7 libreswan security and bug fix update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Nov 10 11:15:34 PST 2016 

Oracle Linux Security Advisory ELSA-2016-2603

http://linux.oracle.com/errata/ELSA-2016-2603.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
libreswan-3.15-8.0.1.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/libreswan-3.15-8.0.1.el7.src.rpm



Description of changes:

[3.15-8.0.1]
- add libreswan-oracle.patch to detect Oracle Linux distro

[3.15-8]
- Resolves: rhbz#1361721 libreswan pluto segfault [UPDATED]
- Resolves: rhbz#1276524 [USGv6] IKEv2.EN.R.1.1.3.2 case failed due to 
response to bad INFORMATIONAL request [UPDATED]
- Resolves: rhbz#1309764 ipsec barf [additional man page update and 
--no-pager]

[3.15-7]
- Resolves: rhbz#1311360  When IKE rekeys, if on a different tunnel, all 
subsequent attempts to rekey fail
- Resolves: rhbz#1361721 libreswan pluto segfault

[3.15-6]
- Resolves: rhbz#1283468 keyingtries=0 is broken
- Resolves: rhbz#1297816 When using SHA2 as PRF algorithm, nonce payload 
is below the RFC minimum size
- Resolves: rhbz#1344567 CVE-2016-5361 libreswan: IKEv1 protocol is 
vulnerable to DoS amplification attack
- Resolves: rhbz#1313747 ipsec pluto returns zero even if it fails
- Resolves: rhbz#1302778 fips does not check hash of some files (like 
_import_crl)
- Resolves: rhbz#1278063 Unable to authenticate with PAM for IKEv1 XAUTH
- Resolves: rhbz#1257079 Libreswan doesn't call NetworkManager helper in 
case of a connection error
- Resolves: rhbz#1272112 ipsec whack man page discrepancies
- Resolves: rhbz#1280449 PAM xauth method does not work with pam_sss
- Resolves: rhbz#1290907 ipsec initnss/checknss custom directory not 
recognized
- Resolves: rhbz#1309764 ipsec barf does not show pluto log correctly in 
the output
- Resolves: rhbz#1347735 libreswan needs to check additional CRLs after 
LDAP CRL distributionpoint fails
- Resolves: rhbz#1219049 Pluto does not handle delete message from 
responder site in ikev1
- Resolves: rhbz#1276524 [USGv6] IKEv2.EN.R.1.1.3.2 case failed due to 
response to bad INFORMATIONAL request
- Resolves: rhbz#1315412 ipsec.conf manpage does not contain any mention 
about crl-strict option
- Resolves: rhbz#1229766 Pluto crashes after stop when I use floating ip 
address

More information about the El-errata mailing list