Bugzilla – Bug 859220
VUL-0: CVE-2013-7294: openswan: DoS via an IKEv2 I1 notification
Last modified: 2021-10-13 16:35:31 UTC
CVE-2013-7294
Looks like this libreswan problem also exists in openswan. Please verify.
Fix: https://github.com/libreswan/libreswan/commit/2899351224fe2940aec37d7656e1e392c0fe07f0
References:
http://www.cvedetails.com/cve/CVE-2013-7294/
https://bugzilla.redhat.com/show_bug.cgi?id=1054022
http://www.osvdb.org/101573
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7294
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7294
Created attachment 574814: fix from libreswan for CVE-2013-7294
Please verify this fix as the original from comment 0 has insert problems.
We don't have any openswan with IKEv2 support => not affected.
excellent! :)
I'll recheck it to ensure we aren't.
The SWAMPID for this issue is 55947. This issue was rated as moderate. Please submit fixed packages until 2014-02-03. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
bugbot adjusting priority
Update released for: openswan, openswan-debuginfo, openswan-debugsource, openswan-doc
Products: SLE-SERVER 11-SP1-TERADATA (x86_64)
Update released for: openswan, openswan-debuginfo, openswan-debugsource, openswan-doc
Products:
SLE-DEBUGINFO 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP2 (i386, x86_64)
SUSE-SU-2014:0178-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 859220
CVE References: CVE-2013-7294
Sources used:
SUSE Linux Enterprise Server 11 SP2 for VMware (src): openswan-2.6.16-1.40.1
SUSE Linux Enterprise Server 11 SP2 (src): openswan-2.6.16-1.40.1
closing
SUSE-SU-2021:3415-1: An update that solves 18 vulnerabilities and has 119 fixes is now available.
Category: security (important)
CVE References: CVE-2020-12770,CVE-2020-3702,CVE-2021-34556,CVE-2021-35477,CVE-2021-3653,CVE-2021-3656,CVE-2021-3669,CVE-2021-3732,CVE-2021-3739,CVE-2021-3743,CVE-2021-3744,CVE-2021-3752,CVE-2021-3753,CVE-2021-3759,CVE-2021-3764,CVE-2021-38160,CVE-2021-38198,CVE-2021-40490
Sources used:
SUSE MicroOS 5.1 (src): kernel-rt-5.3.18-57.1
SUSE Linux Enterprise Module for Realtime 15-SP3 (src): kernel-rt-5.3.18-57.1, kernel-rt_debug-5.3.18-57.1, kernel-source-rt-5.3.18-57.1, kernel-syms-rt-5.3.18-57.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.