** Description changed: + [Impact] + TBD + + [Test Case] + TBD + + [Regression Potential] + + [Fix] + + [Discussion] + + [Original Report] After upgrade racoon from 1:0.8.2+20140711-5 to 1:0.8.2+20140711-10build1 Apple iPhones, which use a racoon client cannot connect to the racoon VPN on the Ubuntu server. Following log entries outline the failure: Sep 14 06:42:28 vpnserver racoon[1775]: ERROR: Repeated fragment index mismatch Sep 14 06:42:28 vpnserver racoon[1775]: ERROR: Repeated last fragment index mismatch Sep 14 06:42:32 vpnserver racoon[1775]: ERROR: Repeated fragment index mismatch Sep 14 06:42:32 vpnserver racoon[1775]: ERROR: Repeated last fragment index mismatch Sep 14 06:42:35 vpnserver racoon[1775]: ERROR: Repeated fragment index mismatch Sep 14 06:42:35 vpnserver racoon[1775]: ERROR: Repeated last fragment index mismatch Sep 14 06:42:35 vpnserver racoon[1775]: ERROR: Repeated fragment index mismatch Sep 14 06:42:35 vpnserver racoon[1775]: ERROR: Repeated last fragment index mismatch - Sep 14 06:42:39 vpnserver racoon[1775]: ERROR: phase1 negotiation failed due to time up. + Sep 14 06:42:39 vpnserver racoon[1775]: ERROR: phase1 negotiation failed due to time up. A brief check of the upstream activities shows, that maintainers switched to panic mode because of CVE-2016-10396 and provided a rough patch without support of the ipsec-tools project and without the ability to perform sufficient regression tests. As Debian as well as NetBSD maintainers already have expressed their general concerns about this patch, there really seems to be a severe issue. Further evidences can be provided but as the topic is pretty complicated detailed guidance is required.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1793028 Title: [SRU] NetBSD CVE Patch Regression To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ipsec-tools/+bug/1793028/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
