An update for libreswan is now available for openEuler-22.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2023-1151 Final 1.0 1.0 2023-03-10 Initial 2023-03-10 2023-03-10 openEuler SA Tool V1.0 2023-03-10 libreswan security update An update for libreswan is now available for openEuler-22.03-LTS-SP1. Libreswan is an implementation of IKEv1 and IKEv2 for IPsec. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted net is encrypted by the ipsec gateway machine and decrypted by the gateway at the other end of the tunnel. The resulting tunnel is a virtual private network or VPN. This package contains the daemons and userland tools for setting up Libreswan. Libreswan also supports IKEv2 (RFC7296) and Secure Labeling Libreswan is based on Openswan-2.6.38 which in turn is based on FreeS/WAN-2.04 Security Fix(es): Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length.(CVE-2023-23009) An update for libreswan is now available for openEuler-22.03-LTS-SP1. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High libreswan https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1151 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-23009 https://nvd.nist.gov/vuln/detail/CVE-2023-23009 openEuler-22.03-LTS-SP1 libreswan-4.5-3.oe2203sp1.aarch64.rpm libreswan-help-4.5-3.oe2203sp1.aarch64.rpm libreswan-debuginfo-4.5-3.oe2203sp1.aarch64.rpm libreswan-debugsource-4.5-3.oe2203sp1.aarch64.rpm libreswan-4.5-3.oe2203sp1.src.rpm libreswan-4.5-3.oe2203sp1.x86_64.rpm libreswan-help-4.5-3.oe2203sp1.x86_64.rpm libreswan-debuginfo-4.5-3.oe2203sp1.x86_64.rpm libreswan-debugsource-4.5-3.oe2203sp1.x86_64.rpm Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length. 2023-03-10 CVE-2023-23009 openEuler-22.03-LTS-SP1 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H libreswan security update 2023-03-10 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1151