{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"Low" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"libreswan security update", "category":"general", "title":"Synopsis" }, { "text":"An update for libreswan is now available for openEuler-22.03-LTS-SP1.", "category":"general", "title":"Summary" }, { "text":"Libreswan is an implementation of IKEv1 and IKEv2 for IPsec. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted net is encrypted by the ipsec gateway machine and decrypted by the gateway at the other end of the tunnel. The resulting tunnel is a virtual private network or VPN.\n\nSecurity Fix(es):\n\nThe Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys (authby=secret) and the connection cannot find a matching configured secret. When such a connection is automatically added on startup using the auto= keyword, it can cause repeated crashes leading to a Denial of Service.(CVE-2024-2357)", "category":"general", "title":"Description" }, { "text":"An update for libreswan is now available for openEuler-22.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of low. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"Low", "category":"general", "title":"Severity" }, { "text":"libreswan", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2024-1409", "category":"self", "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1409" }, { "summary":"CVE-2024-2357", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail?cveId=CVE-2024-2357&packageName=libreswan" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-2357" }, { "summary":"openEuler-SA-2024-1409 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openeuler-sa-2024-1409.json" } ], "title":"An update for libreswan is now available for openEuler-22.03-LTS-SP1", "tracking":{ "initial_release_date":"2024-04-12T09:15:03+08:00", "revision_history":[ { "date":"2024-04-12T09:15:03+08:00", "summary":"Initial", "number":"1.0.0" }, { "date":"2024-10-31T09:15:03+08:00", "summary":"final", "number":"2.0.0" } ], "generator":{ "date":"2024-10-31T09:15:03+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2024-10-31T09:15:03+08:00", "id":"openEuler-SA-2024-1409", "version":"2.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"openEuler-22.03-LTS-SP1", "name":"openEuler-22.03-LTS-SP1" }, "name":"openEuler-22.03-LTS-SP1", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"libreswan-4.14-1.oe2203sp1.aarch64.rpm", "name":"libreswan-4.14-1.oe2203sp1.aarch64.rpm" }, "name":"libreswan-4.14-1.oe2203sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"libreswan-help-4.14-1.oe2203sp1.aarch64.rpm", "name":"libreswan-help-4.14-1.oe2203sp1.aarch64.rpm" }, "name":"libreswan-help-4.14-1.oe2203sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"libreswan-debugsource-4.14-1.oe2203sp1.aarch64.rpm", "name":"libreswan-debugsource-4.14-1.oe2203sp1.aarch64.rpm" }, "name":"libreswan-debugsource-4.14-1.oe2203sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"libreswan-debuginfo-4.14-1.oe2203sp1.aarch64.rpm", "name":"libreswan-debuginfo-4.14-1.oe2203sp1.aarch64.rpm" }, "name":"libreswan-debuginfo-4.14-1.oe2203sp1.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"libreswan-4.14-1.oe2203sp1.src.rpm", "name":"libreswan-4.14-1.oe2203sp1.src.rpm" }, "name":"libreswan-4.14-1.oe2203sp1.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"libreswan-debuginfo-4.14-1.oe2203sp1.x86_64.rpm", "name":"libreswan-debuginfo-4.14-1.oe2203sp1.x86_64.rpm" }, "name":"libreswan-debuginfo-4.14-1.oe2203sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"libreswan-4.14-1.oe2203sp1.x86_64.rpm", "name":"libreswan-4.14-1.oe2203sp1.x86_64.rpm" }, "name":"libreswan-4.14-1.oe2203sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"libreswan-debugsource-4.14-1.oe2203sp1.x86_64.rpm", "name":"libreswan-debugsource-4.14-1.oe2203sp1.x86_64.rpm" }, "name":"libreswan-debugsource-4.14-1.oe2203sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"libreswan-help-4.14-1.oe2203sp1.x86_64.rpm", "name":"libreswan-help-4.14-1.oe2203sp1.x86_64.rpm" }, "name":"libreswan-help-4.14-1.oe2203sp1.x86_64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"libreswan-4.14-1.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:libreswan-4.14-1.oe2203sp1.aarch64", "name":"libreswan-4.14-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"libreswan-help-4.14-1.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:libreswan-help-4.14-1.oe2203sp1.aarch64", "name":"libreswan-help-4.14-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"libreswan-debugsource-4.14-1.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:libreswan-debugsource-4.14-1.oe2203sp1.aarch64", "name":"libreswan-debugsource-4.14-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"libreswan-debuginfo-4.14-1.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:libreswan-debuginfo-4.14-1.oe2203sp1.aarch64", "name":"libreswan-debuginfo-4.14-1.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"libreswan-4.14-1.oe2203sp1.src.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:libreswan-4.14-1.oe2203sp1.src", "name":"libreswan-4.14-1.oe2203sp1.src as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"libreswan-debuginfo-4.14-1.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:libreswan-debuginfo-4.14-1.oe2203sp1.x86_64", "name":"libreswan-debuginfo-4.14-1.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"libreswan-4.14-1.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:libreswan-4.14-1.oe2203sp1.x86_64", "name":"libreswan-4.14-1.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"libreswan-debugsource-4.14-1.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:libreswan-debugsource-4.14-1.oe2203sp1.x86_64", "name":"libreswan-debugsource-4.14-1.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"libreswan-help-4.14-1.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:libreswan-help-4.14-1.oe2203sp1.x86_64", "name":"libreswan-help-4.14-1.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2024-2357", "notes":[ { "text":"The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys (authby=secret) and the connection cannot find a matching configured secret. When such a connection is automatically added on startup using the auto= keyword, it can cause repeated crashes leading to a Denial of Service.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:libreswan-4.14-1.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:libreswan-help-4.14-1.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:libreswan-debugsource-4.14-1.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:libreswan-debuginfo-4.14-1.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:libreswan-4.14-1.oe2203sp1.src", "openEuler-22.03-LTS-SP1:libreswan-debuginfo-4.14-1.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:libreswan-4.14-1.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:libreswan-debugsource-4.14-1.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:libreswan-help-4.14-1.oe2203sp1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:libreswan-4.14-1.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:libreswan-help-4.14-1.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:libreswan-debugsource-4.14-1.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:libreswan-debuginfo-4.14-1.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:libreswan-4.14-1.oe2203sp1.src", "openEuler-22.03-LTS-SP1:libreswan-debuginfo-4.14-1.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:libreswan-4.14-1.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:libreswan-debugsource-4.14-1.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:libreswan-help-4.14-1.oe2203sp1.x86_64" ], "details":"libreswan security update", "category":"vendor_fix", "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1409" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"LOW", "baseScore":3.5, "vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:libreswan-4.14-1.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:libreswan-help-4.14-1.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:libreswan-debugsource-4.14-1.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:libreswan-debuginfo-4.14-1.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:libreswan-4.14-1.oe2203sp1.src", "openEuler-22.03-LTS-SP1:libreswan-debuginfo-4.14-1.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:libreswan-4.14-1.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:libreswan-debugsource-4.14-1.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:libreswan-help-4.14-1.oe2203sp1.x86_64" ] } ], "threats":[ { "details":"Low", "category":"impact" } ], "title":"CVE-2024-2357" } ] }