The libreswan flaw CVE-2023-30570 (bug 2187165) was addressed in Red Hat Enterprise Linux 8 via erratum RHSA-2023:2122 and in Red Hat Enterprise Linux 9 via erratum RHSA-2023:2120, released on May 04, 2023:

https://access.redhat.com/errata/RHSA-2023:2122
https://access.redhat.com/errata/RHSA-2023:2120

However, the fix for this issue was not included in the libreswan updates released as part of the Red Hat Enterprise Linux 8.8 GA erratum (RHBA-2023:2865) and the Red Hat Enterprise Linux 9.2 GA erratum (RHBA-2023:2355), causing a security regression of the previously released fix. A new CVE-ID, CVE-2023-2295, was assigned for this security regression.

Note that this issue and CVE-ID are specific to the libreswan packages as shipped with Red Hat Enterprise Linux and are not applicable to any upstream libreswan version or to libreswan packages of any other vendor that are not directly based on Red Hat Enterprise Linux packages.

For more information about the original flaw, refer to the CVE page or bug linked above.

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:3107 https://access.redhat.com/errata/RHSA-2023:3107

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:3148 https://access.redhat.com/errata/RHSA-2023:3148

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-2295