Synopsis: Important: openswan security update
Issue date: 2009-07-02
CVE Names: CVE-2009-2185
Multiple insufficient input validation flaws were found in the way
Openswan's pluto IKE daemon processed some fields of X.509 certificates.
A remote attacker could provide a specially-crafted X.509 certificate
that would crash the pluto daemon. (CVE-2009-2185)
After installing this update, the ipsec service will be restarted
automatically.
SL 5.x
SRPMS:
openswan-2.6.14-1.el5_3.3.src.rpm
i386:
openswan-2.6.14-1.el5_3.3.i386.rpm
openswan-doc-2.6.14-1.el5_3.3.i386.rpm
x86_64:
openswan-2.6.14-1.el5_3.3.x86_64.rpm
openswan-doc-2.6.14-1.el5_3.3.x86_64.rpm
-Connie Sieh
-Troy Dawson