GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Sun Nov 23, 2014 6:26 pm Post subject: [ GLSA 201411-07 ] Openswan: Denial of Service |
|
|
Gentoo Linux Security Advisory
Title: Openswan: Denial of Service (GLSA 201411-07)
Severity: normal
Exploitable: remote
Date: November 23, 2014
Bug(s): #499870
ID: 201411-07
Synopsis
A NULL pointer dereference in Openswan may allow remote attackers
to cause Denial of Service.
Background
Openswan is an implementation of IPsec for Linux.
Affected Packages
Package: net-misc/openswan
Vulnerable: <= 2.6.39-r1
Architectures: All supported architectures
Description
A NULL pointer dereference has been found in Openswan.
Impact
A remote attacker could create a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
Gentoo has discontinued support for Openswan. We recommend that users
unmerge Openswan:
Code: | # emerge --unmerge "net-misc/openswan"
| NOTE: The Gentoo developer(s) maintaining Openswan have discontinued
support at this time. It may be possible that a new Gentoo developer will
update Openswan at a later date. Alternatives packages such as Libreswan
and strongSwan are currently available in Gentoo Portage.
References
CVE-2013-6466 |
|