{"id":"MGASA-2024-0085","summary":"Updated libreswan packages fix security vulnerabilities","details":"The updated package fixes security vulnerabilities:\npluto in Libreswan before 4.11 allows a denial of service (responder SPI\nmishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode\npackets. (CVE-2023-30570)\nAn issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA\nREKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an\nerror notify INVALID_SPI is sent back. The notify payload's protocol ID\nis copied from the incoming packet, but the code that verifies outgoing\npackets fails an assertion that the protocol ID must be ESP (2) or AH(3)\nand causes the pluto daemon to crash and restart. (CVE-2023-38710)\nAn issue was discovered in Libreswan before 4.12. When an IKEv1 Quick\nMode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an\nIDcr payload with ID_FQDN, a NULL pointer dereference causes a crash and\nrestart of the pluto daemon. (CVE-2023-38711)\nAn issue was discovered in Libreswan 3.x and 4.x before 4.12. When an\nIKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify\npayload followed by further Notifies that act on the ISAKMP SA, such as\na duplicated Delete/Notify message, a NULL pointer dereference on the\ndeleted state causes the pluto daemon to crash and restart.\n(CVE-2023-38712)\n","modified":"2026-04-16T00:11:16.644407744Z","published":"2024-03-24T04:57:19Z","upstream":["CVE-2023-30570","CVE-2023-38710","CVE-2023-38711","CVE-2023-38712"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2024-0085.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=31865"},{"type":"ADVISORY","url":"https://libreswan.org/security/CVE-2023-30570/CVE-2023-30570.txt"},{"type":"WEB","url":"https://access.redhat.com/errata/RHSA-2023:2120"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/APPXJHIVUBS4I2AVIB6C36ED6XNUYVC2/"},{"type":"ADVISORY","url":"https://libreswan.org/security/CVE-2023-38710"},{"type":"ADVISORY","url":"https://libreswan.org/security/CVE-2023-38711"},{"type":"ADVISORY","url":"https://libreswan.org/security/CVE-2023-38712"}],"affected":[{"package":{"name":"libreswan","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/libreswan?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.12-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0085.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}