ALAS-2011-006

Amazon Linux 1 Security Advisory: ALAS-2011-6
Advisory Release Date: 2011-10-10 23:54 Pacific
Advisory Updated Date: 2014-09-14 14:25 Pacific

Severity: Medium

References: CVE-2011-3380 RHSA-2011-1356
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

A NULL pointer dereference flaw was found in the way Openswan's pluto IKE daemon handled certain error conditions. A remote, unauthenticated attacker could send a specially-crafted IKE packet that would crash the pluto daemon.

Affected Packages:

openswan

Issue Correction:
Run yum update openswan to update your system.

New Packages:

i686:
    openswan-debuginfo-2.6.36-1.12.amzn1.i686
    openswan-2.6.36-1.12.amzn1.i686
    openswan-doc-2.6.36-1.12.amzn1.i686

src:
    openswan-2.6.36-1.12.amzn1.src

x86_64:
    openswan-2.6.36-1.12.amzn1.x86_64
    openswan-debuginfo-2.6.36-1.12.amzn1.x86_64
    openswan-doc-2.6.36-1.12.amzn1.x86_64

Additional References

Red Hat: CVE-2011-3380

Mitre: CVE-2011-3380