Public bug reported:
After upgrade racoon from 1:0.8.2+20140711-5 to 1:0.8.2+20140711-10build1 Apple
iPhones, which use a racoon client cannot connect to the racoon VPN on the
Ubuntu server. Following log entries outline the failure:
Sep 14 06:42:28 vpnserver racoon[1775]: ERROR: Repeated fragment index mismatch
Sep 14 06:42:28 vpnserver racoon[1775]: ERROR: Repeated last fragment index
mismatch
Sep 14 06:42:32 vpnserver racoon[1775]: ERROR: Repeated fragment index mismatch
Sep 14 06:42:32 vpnserver racoon[1775]: ERROR: Repeated last fragment index
mismatch
Sep 14 06:42:35 vpnserver racoon[1775]: ERROR: Repeated fragment index mismatch
Sep 14 06:42:35 vpnserver racoon[1775]: ERROR: Repeated last fragment index
mismatch
Sep 14 06:42:35 vpnserver racoon[1775]: ERROR: Repeated fragment index mismatch
Sep 14 06:42:35 vpnserver racoon[1775]: ERROR: Repeated last fragment index
mismatch
Sep 14 06:42:39 vpnserver racoon[1775]: ERROR: phase1 negotiation failed due to
time up.
A brief check of the upstream activities shows, that maintainers
switched to panic mode because of CVE-2016-10396 and provided a rough
patch without support of the ipsec-tools project and without the ability
to perform sufficient regression tests.
As Debian as well as NetBSD maintainers already have expressed their
general concerns about this patch, there really seems to be a severe
issue.
Further evidences can be provided but as the topic is pretty complicated
detailed guidance is required.
** Affects: ipsec-tools (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1793028
Title:
NetBSD CVE Patch Regression
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ipsec-tools/+bug/1793028/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
