I am afraid modifying the patch is beyond my skills. Is there a way to limit the possible impact of the CVE-2015-3240 security issue by different means, for the pre-3.15 versions, and without using the patch?
Unfortunately, some of our servers are stuck with CentOS 5 and they cannot be upgraded at this time.

Tomas

P.S. I apologize if the reply does not get placed in the thread properly, not sure what I am doing wrong.

-----Original Message-----
From: Paul Wouters [mailto:[email protected]]
Sent: Thursday, September 24, 2015 10:40 PM
To: Tomas France
Cc: [email protected]
Subject: Re: [Swan] Cannot compile Libreswan 3.14 and newer on CentOS 5

On Thu, 24 Sep 2015, Tomas France wrote:

> Subject: Re: [Swan] Cannot compile Libreswan 3.14 and newer on CentOS 5
>
> OK, thanks for the information! I am actually happy with version 3.13, it's quite a new version still, mainly compared to OpenSwan where on CentOS 5 I could not compile anything newer than 2.6.38 from 2012.
>
> What worries me is the security problem CVE-2015-3240 and the patch is for 3.14 version only. Is there a way to fix the problem in version 3.13, or is it safe to use as-is?

We publish a stand-alone patch for that issue at:

https://libreswan.org/security/CVE-2015-3240/

It might require some tweaking to apply to 3.13.

Paul

_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
