Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks.

Two buffer overflow flaws were found in the Openswan client-side XAUTH handling code used when connecting to certain Cisco gateways. A malicious or compromised VPN gateway could use these flaws to execute arbitrary code on the connecting Openswan client. (CVE-2010-3302, CVE-2010-3308)

Two input sanitization flaws were found in the Openswan client-side handling of Cisco gateway banners. A malicious or compromised VPN gateway could use these flaws to execute arbitrary code on the connecting Openswan client. (CVE-2010-3752, CVE-2010-3753)

Red Hat would like to thank the Openswan project for reporting these issues. Upstream acknowledges D. Hugh Redelmeier and Paul Wouters as the original reporters.

All users of openswan are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the ipsec service will be restarted automatically.