These patches fix a Denial of Service vulnerability present in all versions of Openswan (and superfreeswan) when an unencrypted Dead Peer Detection (RFC-3706) with bogus (or deleted) state is received. When such a packet is received, the pluto daemon crashes and restarts. These patches are included in openswan-2.4.14 and openswan-2.6.21 and above. openswan-2.x.x-dpd_null_state.patch should be applied to: - openswan-2.4.x < 2.4.14 (Maintenance mode) - openswan-2.5.x (EOL) - openswan-2.0.0 through openswan-2.3.1 (EOL) - openswan-1.x (EOL) - superfreeswan (EOL) openswan-2.6.x-dpd_null_state.patch should be applied to: - openswan-2.6.x < 2.6.21