Package name
Advisory ID
Affected versions
10.0 amd64, 10.0 i586

Problem description

Thomas Walpuski discovered a vulnerability in the X.509 handling of super-freeswan, openswan, strongSwan, and FreeS/WAN with the X.509 patch applied. The vulnerability allows an attacker to make up their own Certificate Authority and use it to impersonate the identity of a valid DN. In addition, a second hole in the CA checking code could create an endless loop in certain instances. Mandrakesoft encourages all users of FreeS/WAN or super-freeswan to upgrade to the updated packages, which are patched to correct these flaws.

Update: Due to a build error, the super-freeswan packages did not include the pluto program. The updated packages fix this error.

Updated packages

10.0 amd64

0125ca974282b60d0cbfe5661523a44c  amd64/10.0/RPMS/super-freeswan-1.99.8-8.2.100mdk.amd64.rpm
398996877b35d0b04130d35d939b9372  amd64/10.0/RPMS/super-freeswan-doc-1.99.8-8.2.100mdk.amd64.rpm
4cc876821005905818c2f2aa590601c2  amd64/10.0/SRPMS/super-freeswan-1.99.8-8.2.100mdk.src.rpm

10.0 i586

fa37ec26d95abe88531f412b19fd4312  10.0/RPMS/super-freeswan-1.99.8-8.2.100mdk.i586.rpm
2a82a0cb9c3f47d658f40a36aad8cd04  10.0/RPMS/super-freeswan-doc-1.99.8-8.2.100mdk.i586.rpm
4cc876821005905818c2f2aa590601c2  10.0/SRPMS/super-freeswan-1.99.8-8.2.100mdk.src.rpm