Security update for strongswan

SUSE Security Update: Security update for strongswan
Announcement ID: SUSE-SU-2014:0529-1
Rating: important
References: #870572
Affected Products:
  • SUSE Linux Enterprise Server 11 SP3 for VMware
  • SUSE Linux Enterprise Server 11 SP3
  • SUSE Linux Enterprise Server 11 SP2 LTSS
  • SUSE Linux Enterprise Server 11 SP1 LTSS
  • SUSE Linux Enterprise Server 10 SP4 LTSS
  • SUSE Linux Enterprise Server 10 SP3 LTSS
  • SUSE Linux Enterprise Desktop 11 SP3

  • An update that fixes one vulnerability is now available. It includes one version update.

    Description:


    The following security issue is fixed by this update:

    * bnc#870572: strongswan has been updated to fix an
    authentication problem where attackers could have bypassed
    the IKEv2 authentication. (CVE-2014-2338)

    Security Issue reference:

    * CVE-2014-2338
    >

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Server 11 SP3 for VMware:
      zypper in -t patch slessp3-strongswan-9089
    • SUSE Linux Enterprise Server 11 SP3:
      zypper in -t patch slessp3-strongswan-9089
    • SUSE Linux Enterprise Server 11 SP2 LTSS:
      zypper in -t patch slessp2-strongswan-9091
    • SUSE Linux Enterprise Server 11 SP1 LTSS:
      zypper in -t patch slessp1-strongswan-9090
    • SUSE Linux Enterprise Desktop 11 SP3:
      zypper in -t patch sledsp3-strongswan-9089

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
    • strongswan-4.4.0-6.23.1
    • strongswan-doc-4.4.0-6.23.1
    • SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
    • strongswan-4.4.0-6.23.1
    • strongswan-doc-4.4.0-6.23.1
    • SUSE Linux Enterprise Server 11 SP2 LTSS (i586 s390x x86_64):
    • strongswan-4.4.0-6.23.1
    • strongswan-doc-4.4.0-6.23.1
    • SUSE Linux Enterprise Server 11 SP1 LTSS (i586 s390x x86_64) [New Version: 4.4.0]:
    • strongswan-4.4.0-6.23.1
    • strongswan-doc-4.4.0-6.23.1
    • SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64):
    • strongswan-4.4.0-6.17.1
    • strongswan-doc-4.4.0-6.17.1
    • SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64):
    • strongswan-4.1.10-0.20.1
    • strongswan-doc-4.1.10-0.20.1
    • SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
    • strongswan-4.4.0-6.23.1
    • strongswan-doc-4.4.0-6.23.1

    References:

    • http://support.novell.com/security/cve/CVE-2014-2338.html
    • https://bugzilla.novell.com/870572
    • http://download.suse.com/patch/finder/?keywords=2fa17d32e96a0a6e75cf09c3ee27248a
    • http://download.suse.com/patch/finder/?keywords=6934f5428f28e943d4b95fb80186e500
    • http://download.suse.com/patch/finder/?keywords=a056596e6640418d5e1521a74c8dddb7
    • http://download.suse.com/patch/finder/?keywords=bf28f278dcbe157650c32cbc4472be03
    • http://download.suse.com/patch/finder/?keywords=fcda2d9564b781d675247b9a0b0cc648