Story
Resolution: Done
Product / Portfolio Work
Sprints: SDN Sprint 262, SDN Sprint 263, SDN Sprint 264, SDN Sprint 265
Pinning the libreswan rpm version in the near-term solution leaves the following vulnerabilities unfixed in libreswan-4.5-1, which is installed in the ovnk image and on the host via the layered CoreOS image:
- Important CVE-2023-2295 RHSA-2023:3148
- Important CVE-2023-30570 RHSA-2023:2120
- Moderate CVE-2023-23009 RHSA-2023:2633
- Moderate CVE-2024-2357 RHSA-2024:2085
- Moderate CVE-2024-3652 RHSA-2024:4431
The RHEL team will need to backport the CVE fixes to a libreswan 4.6 version, which will be cross-tagged into the OCP repo and then consumed by the ovnk image and when building the layered CoreOS image.
The ticket for cross-tagging the new libreswan 4.6 package in OCP: https://issues.redhat.com/browse/CWFCONF-10880
Once the new libreswan 4.6 package is cross-tagged, we need PRs in ovnk to pin the tagged version for versions >= 4.15.
The procedure for building the layered CoreOS image needs to be updated to use this new libreswan version.
The above work needs to be completed before Dec 4th, the development cutoff date for 4.15.40.