Path: ...!weretis.net!feeder8.news.weretis.net!news.szaf.org!fu-berlin.de!bofh.it!news.nic.it!robomod
From: Salvatore Bonaccorso <carnil@debian.org>
Newsgroups: linux.debian.announce.security
Subject: [SECURITY] [DSA 5368-1] libreswan security update
Date: Fri, 03 Mar 2023 21:00:01 +0100
Message-ID: <G5jJn-9QPT-3@gated-at.bofh.it>
X-Mailbox-Line: From debian-security-announce-request@lists.debian.org  Fri Mar  3 19:59:10 2023
Old-Return-Path: <carnil@seger.debian.org>
X-Amavis-Spam-Status: No, score=-116.191 tagged_above=-10000 required=5.3
	tests=[BAYES_00=-2, DIGITS_LETTERS=1, DKIMWL_WL_HIGH=-0.001,
	DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
	DKIM_VALID_EF=-0.1, FVGT_m_MULTI_ODD=0.02, LDO_WHITELIST=-5,
	PGPSIGNATURE=-5, RCVD_IN_DNSWL_HI=-5, USER_IN_DKIM_WELCOMELIST=-0.01,
	USER_IN_DKIM_WHITELIST=-100] autolearn=ham autolearn_force=no
Old-Dkim-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org;
	s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version:
	Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:
	In-Reply-To:References; bh=BnOIHlpMIlAAfP4QA3UH7fyKoPm5K3nglO59arjqnSs=; b=nS
	dkN37C8uEPk5Sv5fXA8STuUbQBDsaIddKO+BmH1A96Ff5uAlZDNgASVXyaMCMvhp7we+z/ctn9qKJ
	LQIIeXGQBGUkkZz1GS3cmrmeEo4DXudYwVE/umAvzU/XSl/IDYTx80heJS+zjhEdBqPVKUBy3lKnY
	P313UFO7uCwr3CGf8OPQTi/pBUBzP1uvvvwXVxleWvyK2L5VCPqF/e0zGBilDa4w+va8jP/2cd8ty
	WoOXBK4EoLlgpK8VERhpSKNoTmgstQsux7wCBFexuzYKEwtBdyxPcVQlCWJlQZmltZgz6azIVJrqU
	FMQz4blp96d3pu1p3by63r8vCsCJcmnw==;
X-Debian: PGP check passed for security officers
Priority: urgent
Reply-To: debian-security-announce-request@lists.debian.org
X-Mailing-List: <debian-security-announce@lists.debian.org> archive/latest/4268
List-ID: <debian-security-announce.lists.debian.org>
List-URL: <http://lists.debian.org/debian-security-announce/>
List-Archive: https://lists.debian.org/msgid-search/E1pYBYB-003I4s-J2@seger.debian.org
Approved: robomod@news.nic.it
Lines: 49
Organization: linux.* mail to news gateway
Sender: robomod@news.nic.it
X-Original-Date: Fri, 03 Mar 2023 19:58:43 +0000
X-Original-Message-ID: <E1pYBYB-003I4s-J2@seger.debian.org>
Bytes: 4471

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5368-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
March 03, 2023                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libreswan
CVE ID         : CVE-2023-23009
Debian Bug     : 1031821

It was discovered that the libreswan IPsec implementation could be
forced into a crash/restart via malformed IKEv2 packets after peer
authentication, resulting in denial of service.

For the stable distribution (bullseye), this problem has been fixed in
version 4.3-1+deb11u3.

We recommend that you upgrade your libreswan packages.

For the detailed security status of libreswan please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/libreswan

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmQCUIxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0R+XA/8C9tcRpaDWv6IsxJam+6YPviUXdUGQ6NgJOSxes7NHjl4mdYbJm/xUrm/
nM4C272cHbhfd/RJf/TqZM+aPvJ6ohcq6OfgVQlef7ys92RDPrpyOq0jVyWzHI6O
/CsRRMehgQD68Q5RAUe9CFxGDZ2YfI/+sEyts6bh0h4TStZbWWYSVO/ZhQvrLRbH
evGBoHX6qNRu8PYTlkgDeBmDpHAuHE6s5IlTwldaFSZlxMI2DycRBEF7ZiqKPXGl
gcn5gX0qQbfZOD9AlKEr5dlvMLQYE4AHWIgh35clwr7Nm/BqXP4QXGvMu4Of+djc
u+z+OIRhJqgVOJ3+cYYu4NN6wwGs6ZJgKtYxEYRRepUo0/fomM4YDZery3LgaCA4
HdbeW4oMbQm1az1VjwQBaOk1O0kKcA3Po87PRQCNSyZnus7f5IflT5G75tZn4HyU
s54iYoo6jT3lZ1zS9STupO8TdmWdEQpo6RCoIh8h4b89/+Uv4g6LlvFilyT+cf7H
ZVC4sEJ8VW/eSg9PwNfcYWlEAzJeVZccUPatLLe6bKf6Hi4c9JTcnlITpExtd4qn
4C4+5glzy910OGHjKXS2ljJCgVi+A9ch7Bndi7y07apYwh+yavbvppCbC6h5PauE
PIPc4ElQHa7cTOUjIAj4M9fD1JtK0BSwQ17hAwDCRa8PYRmWAJ4=
=S2f1
-----END PGP SIGNATURE-----