A security vulnerability was introduced in libreswan 3.16. The pluto IKE daemon would restart when receiving an IKE transform containg AES_XCBC.
Created libreswan tracking bugs for this issue:
Affects: fedora-all [bug 1327958]
3.17-1 packages for fedora were already pushed and are in stable
(In reply to Paul Wouters from comment #2)
> 3.17-1 packages for fedora were already pushed and are in stable
Thanks, this is now fixed in fedora.