Oracle9: ELSA-2024-2033: libreswan Moderate Security Advisory Updates
Summary
[4.12-1.0.1.1] - Add libreswan-oracle.patch to detect Oracle Linux distro [4.12-1.1] - Fix CVE-2024-2357 (RHEL-29734) - x509: unpack IPv6 general names based on length (RHEL-32719) [4.12-1] - Update to 4.12 to fix CVE-2023-38710, CVE-2023-38711, CVE-2023-38712 - Resolves: rhbz#2215956 [4.9-5] - Just bumping up the version to include bugs for CVE-2023-2295. There is no code fix for it. Fix for it is including the code fix for CVE-2023-30570. - Fix CVE-2023-2295 Regression of CVE-2023-30570 fixes in the Red Hat Enterprise Linux - Resolves: rhbz#2189777, rhbz#2190148 [4.9-4] - Just bumping up the version as an incorrect 9.3 build was created. - Related: rhbz#2187171 [4.9-3] - Fix CVE-2023-30570:Malicious IKEv1 Aggressive Mode packets can crash libreswan - Resolves: rhbz#2187171 [4.9-2] - Fix CVE-2023-23009: remote DoS via crafted TS payload with an incorrect selector length (rhbz#2173674) [4.9-1] - Update to 4.9. Resolves: rhbz#2128669 - Switch to using %autopatch as in Fedora
SRPMs
http://oss.oracle.com/ol9/SRPMS-updates//libreswan-4.12-1.0.1.el9_3.1.src.rpm
x86_64
libreswan-4.12-1.0.1.el9_3.1.x86_64.rpm
aarch64
libreswan-4.12-1.0.1.el9_3.1.aarch64.rpm
i386