Openswan is an implementation of IPsec for Linux. It supports kernels 2.0, 2.2, 2.4 and 2.6, and runs on many different platforms, including x86, x86_64, ia64, MIPS and ARM.
June 24 2009: Security release for CVE-2009-2185 (local copy)

These patches fix an ASN.1 parser bug that allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME string, or (3) a crafted GENERALIZEDTIME string.
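
For items (2) and (3), the following added example (not Openswan's code and not the patch itself) shows a length-checked validator for the two time encodings. It assumes the RFC 5280 certificate profile, in which UTCTime is always `YYMMDDHHMMSSZ` and GeneralizedTime is always `YYYYMMDDHHMMSSZ`; the function name `asn1_time_is_valid` is hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>

#define ASN1_UTCTIME         0x17  /* universal tag 23 */
#define ASN1_GENERALIZEDTIME 0x18  /* universal tag 24 */

/* Two ASCII digits -> 0..99, or -1 if either byte is not a digit. */
static int two_digits(const unsigned char *p)
{
    if (p[0] < '0' || p[0] > '9' || p[1] < '0' || p[1] > '9')
        return -1;
    return (p[0] - '0') * 10 + (p[1] - '0');
}

/* Validate the content octets of a certificate time field. Only the RFC 5280
 * forms pass: UTCTime (13 bytes) and GeneralizedTime (15 bytes), both ending
 * in 'Z'. buf need not be NUL-terminated and is never read past len. */
bool asn1_time_is_valid(int tag, const unsigned char *buf, size_t len)
{
    static const int mdays[12] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
    int f[7], n = 0, k, year, dim;
    size_t want = tag == ASN1_UTCTIME ? 13 : tag == ASN1_GENERALIZEDTIME ? 15 : 0;

    if (buf == NULL || want == 0 || len != want || buf[len - 1] != 'Z')
        return false;                       /* length is checked before any read */
    for (size_t i = 0; i + 2 < len; i += 2) /* every 2-byte field before 'Z' */
        if ((f[n++] = two_digits(buf + i)) < 0)
            return false;
    k = tag == ASN1_UTCTIME ? 1 : 2;        /* index of the month field */
    /* RFC 5280: a two-digit year below 50 means 20YY, otherwise 19YY */
    year = k == 2 ? f[0] * 100 + f[1] : f[0] < 50 ? 2000 + f[0] : 1900 + f[0];
    if (f[k] < 1 || f[k] > 12)
        return false;
    dim = mdays[f[k] - 1];
    if (f[k] == 2 && ((year % 4 == 0 && year % 100 != 0) || year % 400 == 0))
        dim = 29;
    /* day, hour, minute, second; a leap second (60) is rejected here */
    return f[k + 1] >= 1 && f[k + 1] <= dim &&
           f[k + 2] <= 23 && f[k + 3] <= 59 && f[k + 4] <= 59;
}

int main(void)
{
    /* Constructed sample: the advisory date as a UTCTime string. */
    const unsigned char ok[] = "090624120000Z";
    return asn1_time_is_valid(ASN1_UTCTIME, ok, sizeof ok - 1) ? 0 : 1;
}
```
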

These patches are included in openswan-2.6.22 (SIG) and above and openswan-2.4.15 (SIG). If you cannot upgrade, please apply one of the following patches:

  • openswan-2.6.x-asn1.patch should be applied to:
    • openswan-2.6.x < 2.6.22
  • openswan-2.4.x-asn1.patch should be applied to:
    • openswan-2.4.x < 2.4.15 (Maintenance mode)
    • openswan-2.5.x (EOL)
    • openswan-2.0.0 through openswan-2.3.1 (EOL)
    • openswan-1.x (EOL)
    • superfreeswan (EOL)
Building and Integrating Virtual Private Networks with Openswan is now available. Order your copy now at Amazon.com or directly from our publisher Packt Publishing.

Sponsored by:
Xelerance
© 2003-2008 Xelerance Corporation