http://www.idefense.com/application/poi/display?id=190&type=vulnerabilities&flashstatus=true That advisory has information and a patch regarding a buffer overflow in openswan. It is possible that a remote attacker could execute arbitrary code as the user running the pluto deamon.
It's not _that_ bad, because openswan was compiled with -pie, so it is very unlikely, that code could be executed. DOS attacks could happen though.
This is CAN-2005-0162
Fixed upstream awhile ago - 2.3.0
FEDORA-2005-082 pushed on 2005-01-28