Libreswan is a free software implementation of the most widely supported and standarized VPN protocol based on (“IPsec”) and the Internet Key Exchange (“IKE”).
The pluto IKE daemon in Libreswan, when built with NSS, allows remote attackers to cause a Denial of Service (assertion failure and daemon restart) via a zero DH g^x value in a KE payload in a IKE packet. Additionally, remote attackers could cause a Denial of Service (daemon restart) via an IKEv1 packet with (1) unassigned bits set in the IPSEC DOI value or (2) the next payload value set to ISAKMP_NEXT_SAK.
Remote attackers could possibly cause Denial of Service.
There is no known workaround at this time.
All Libreswan users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/libreswan-3.15"