Gentoo Security Advisory GLSA 200406-20 (Openswan)

Summary
The remote host is missing updates announced in advisory GLSA 200406-20.
Solution
All FreeS/WAN 1.9x users should upgrade to the latest stable version:

    # emerge sync
    # emerge -pv '=net-misc/freeswan-1.99-r1'
    # emerge '=net-misc/freeswan-1.99-r1'

All FreeS/WAN 2.x users should upgrade to the latest stable version:

    # emerge sync
    # emerge -pv '>=net-misc/freeswan-2.04-r1'
    # emerge '>=net-misc/freeswan-2.04-r1'

All Openswan 1.x users should upgrade to the latest stable version:

    # emerge sync
    # emerge -pv '=net-misc/openswan-1.0.6_rc1'
    # emerge '=net-misc/openswan-1.0.6_rc1'

All Openswan 2.x users should upgrade to the latest stable version:

    # emerge sync
    # emerge -pv '>=net-misc/openswan-2.1.4'
    # emerge '>=net-misc/openswan-2.1.4'

All strongSwan users should upgrade to the latest stable version:

    # emerge sync
    # emerge -pv '>=net-misc/strongswan-2.1.3'
    # emerge '>=net-misc/strongswan-2.1.3'

All Super-FreeS/WAN users should migrate to the latest stable version of Openswan. Note that Portage will force a move for Super-FreeS/WAN users to Openswan.

    # emerge sync
    # emerge -pv '=net-misc/openswan-1.0.6_rc1'
    # emerge '=net-misc/openswan-1.0.6_rc1'

http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200406-20
http://lists.openswan.org/pipermail/dev/2004-June/000370.html
Insight
FreeS/WAN, Openswan, strongSwan and Super-FreeS/WAN contain two bugs when authenticating PKCS#7 certificates. This could allow an attacker to authenticate with a fake certificate.