[Swan] Cannot compile Libreswan 3.14 and newer on CentOS 5

Tomas France tomfra at centrum.cz
Fri Sep 25 01:14:31 UTC 2015


I am afraid modifying the patch is beyond my skills. Is there a way to
limit the possible impact of the CVE-2015-3240 security issue by different
means, for the pre-3.15 versions, and without using the patch?

Unfortunately, some of our servers are stuck with CentOS 5 and they cannot
be upgraded at this time.

Tomas

P.S. I apologize if the reply does not get placed in the thread properly,
not sure what I am doing wrong.



-----Original Message-----
From: Paul Wouters [mailto:paul at nohats.ca] 
Sent: Thursday, September 24, 2015 10:40 PM
To: Tomas France
Cc: swan at lists.libreswan.org
Subject: Re: [Swan] Cannot compile Libreswan 3.14 and newer on CentOS 5

On Thu, 24 Sep 2015, Tomas France wrote:

> Subject: Re: [Swan] Cannot compile Libreswan 3.14 and newer on CentOS 5
>
> OK, thanks for the information! I am actually happy with version 3.13,
> it's quite a new version still, mainly compared to OpenSwan where on
> CentOS 5 I could not compile anything newer than 2.6.38 from 2012.
>
> What worries me is the security problem CVE-2015-3240 and the patch is
> for 3.14 version only. Is there a way to fix the problem in version 3.13,
> or is it safe to use as-is?

We publish a stand-alone patch for that issue at:

https://libreswan.org/security/CVE-2015-3240/

It might require some tweaking to apply to 3.13.

Paul


