A use-after-free flaw was reported in the cryptography support in Openswan Phase 2 negotiation. This could be used by a remote authenticated attacker to crash Openswan.
Created attachment 530171 [details]
proposed upstream patch
Red Hat would like to thank the Openswan project for reporting this issue. Upstream acknowledges Petar Tsankov, Mohammad Torabi Dashti and David Basin of the information security group at ETH Zurich as the original reporters.
The upstream patch to correct this flaw:
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Via RHSA-2011:1422 https://rhn.redhat.com/errata/RHSA-2011-1422.html
Fedora updates that fix this flaw:
openswan-2.6.37-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
openswan-2.6.33-3.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.
openswan-2.6.37-1.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.