Two buffer overflow flaws were found in the Openswan client-side XAUTH
handling code used when connecting to certain Cisco gateways. A
malicious or compromised VPN gateway could use these flaws to execute
arbitrary code on the connecting Openswan client. (CVE-2010-3302,
CVE-2010-3308)
Two input sanitization flaws were found in the Openswan client-side
handling of Cisco gateway banners. A malicious or compromised VPN
gateway could use these flaws to execute arbitrary code on the
connecting Openswan client. (CVE-2010-3752, CVE-2010-3753)
After installing this update, the ipsec service will be restarted
automatically.