GLSA 201411-07: Openswan: Denial of Service
| Severity: | normal |
| Title: | Openswan: Denial of Service |
| Date: | 11/23/2014 |
| Bugs: | |
| ID: | 201411-07 |
Synopsis
A NULL pointer dereference in Openswan may allow remote attackers to cause Denial of Service.Background
Openswan is an implementation of IPsec for Linux.
Affected packages
| Package | Vulnerable | Unaffected | Architecture(s) |
|---|---|---|---|
| net-misc/openswan | <= 2.6.39-r1 | All supported architectures |
Description
A NULL pointer dereference has been found in Openswan.
Impact
A remote attacker could create a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
Gentoo has discontinued support for Openswan. We recommend that users unmerge Openswan:
# emerge --unmerge "net-misc/openswan"
NOTE: The Gentoo developer(s) maintaining Openswan have discontinued support at this time. It may be possible that a new Gentoo developer will update Openswan at a later date. Alternatives packages such as Libreswan and strongSwan are currently available in Gentoo Portage.
References
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2010 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.