[Swan] Cannot compile Libreswan 3.14 and newer on CentOS 5
Tomas France
tomfra at centrum.cz
Fri Sep 25 01:14:31 UTC 2015
I am afraid modifying the patch is beyond my skills. Is there a way how to
limit the possible impact of the CVE-2015-3240 security issue by different
means, for the pre-3.15 versions, and without using the patch?
Unfortunately, some of our servers are stuck with CentOS 5 and they cannot
be upgraded at this time.
Tomas
P.S. I apologize if the reply does not get placed in the thread properly,
not sure what I am doing wrong.
-----Original Message-----
From: Paul Wouters [mailto:paul at nohats.ca]
Sent: Thursday, September 24, 2015 10:40 PM
To: Tomas France
Cc: swan at lists.libreswan.org
Subject: Re: [Swan] Cannot compile Libreswan 3.14 and newer on CentOS 5
On Thu, 24 Sep 2015, Tomas France wrote:
> Subject: Re: [Swan] Cannot compile Libreswan 3.14 and newer on CentOS
> 5
>
> OK, thanks for the information! I am actually happy with version 3.13,
> it's quite a new version still, mainly compared to OpenSwan where on
> CentOS 5 I could not complite anything newer than 2.6.38 from 2012.
>
> What worries me is the security problem CVE-2015-3240 and the patch is
> for
> 3.14 version only. Is there a way to fix the problem in version 3.13,
> or is it safe to use as-is?
We publish a stand-alone patch for that issue at:
https://libreswan.org/security/CVE-2015-3240/
It might require some tweaking to apply to 3.13.
Paul
More information about the Swan
mailing list