Debian: DSA-1759-1: New strongswan packages fix denial of service

    Date31 Mar 2009
    CategoryDebian
    28
    Posted ByLinuxSecurity Advisories
    Gerd v. Egidy discovered that the Pluto IKE daemon in strongswan, an IPSec implementation for linux, is prone to a denial of service attack via a malicious packet.
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1759-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                      Steffen Joeris
    March 30, 2009                   	http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : strongswan
    Vulnerability  : denial of service
    Problem type   : remote
    Debian-specific: no
    CVE Id         : CVE-2009-0790
    
    
    Gerd v. Egidy discovered that the Pluto IKE daemon in strongswan, an
    IPSec implementation for linux, is prone to a denial of service attack
    via a malicious packet.
    
    
    For the stable distribution (lenny), this problem has been fixed in
    version 4.2.4-5+lenny1.
    
    For the oldstable distribution (etch), this problem has been fixed in
    version 2.8.0+dfsg-1+etch1.
    
    For the testing distribution (squeeze) and the unstable distribution
    (sid), this problem will be fixed soon.
    
    We recommend that you upgrade your strongswan packages.
    
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    
    Debian (oldstable)
    - ------------------
    
    Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1.dsc
        Size/MD5 checksum:      811 15760a0423c8cf0829c0f71d5424ab27
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg.orig.tar.gz
        Size/MD5 checksum:  3155518 8b9ac905b9bcd41fb826e3d67e90a33d
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1.diff.gz
        Size/MD5 checksum:    57545 276bae2bae3230bcef527b44f3b9fb99
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_alpha.deb
        Size/MD5 checksum:  1197696 7fc7c6438f1c2739373c193784934461
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_amd64.deb
        Size/MD5 checksum:  1100438 4004ce8cfc2b2de41712a4d73a520de2
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_arm.deb
        Size/MD5 checksum:  1070794 dc1e10007ea82d547591052d032e0216
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_hppa.deb
        Size/MD5 checksum:  1136062 9f5996ea05d930e0a7a361336263be58
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_i386.deb
        Size/MD5 checksum:  1051780 25b41b38e8698a6f61b3f4f523ca52c7
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_ia64.deb
        Size/MD5 checksum:  1454480 19818a3ec7756710ea1abfdbd9ebadcc
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_mips.deb
        Size/MD5 checksum:  1124636 be7189aac59d98fbec7a9bf9a5f7b74d
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_mipsel.deb
        Size/MD5 checksum:  1130402 25bdc2ca2651db73a88f079902a35f43
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_powerpc.deb
        Size/MD5 checksum:  1097994 e1eb29c9c4dd776259178308a6b40a04
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_s390.deb
        Size/MD5 checksum:  1084268 90b6459bb59a264eaf1aa2b26ed82acd
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_sparc.deb
        Size/MD5 checksum:  1024106 9ad2a093d9efad364a0eb80a0f20057f
    
    
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    
    Debian (stable)
    - ---------------
    
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1.dsc
        Size/MD5 checksum:     1310 c6dc3521aee080f275ea0f65ded35bca
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1.diff.gz
        Size/MD5 checksum:    57299 b6d1af4a7144d5289400f35dcd18eb5e
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4.orig.tar.gz
        Size/MD5 checksum:  3295212 92ddfaedd6698bc6640927def271d476
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_alpha.deb
        Size/MD5 checksum:  1301122 7c83dcbdcdb177e9bc83361d4c064f6d
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_amd64.deb
        Size/MD5 checksum:  1178112 875f877f564c88b885ebf68be2478f0c
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_arm.deb
        Size/MD5 checksum:  1034248 3c20d44508cc5255c3e6ad74cf9cac9c
    
    armel architecture (ARM EABI)
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_armel.deb
        Size/MD5 checksum:  1034868 457ca8749ced0c177c5825ca953423e7
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_hppa.deb
        Size/MD5 checksum:  1214270 353bde7aacb7e5a875ba8d715da70caa
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_i386.deb
        Size/MD5 checksum:  1099806 02a117d38e15ecf3e0b2667985b7710e
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_ia64.deb
        Size/MD5 checksum:  1615308 d0f1ed5581a772eecf3801a45d57ab95
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_mips.deb
        Size/MD5 checksum:  1158540 656a66202077e4f55d24433af6ab3ce5
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_mipsel.deb
        Size/MD5 checksum:  1157848 614cad1bdd081160a3fe74e3d1e4e902
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_powerpc.deb
        Size/MD5 checksum:  1228470 6dbb9fa6379444c2f0cebba7fc417027
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_s390.deb
        Size/MD5 checksum:  1258802 d92712a84cbb2d2c181546927d4f9f36
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_sparc.deb
        Size/MD5 checksum:  1142494 cd69f7750be1e6cc0e83003e74480bde
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and http://packages.debian.org/
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    Do you read our distribution advisories on a regular basis?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /component/communitypolls/?task=poll.vote&format=json
    23
    radio
    [{"id":"84","title":"Yes, for a single distribution","votes":"0","type":"x","order":"1","pct":0,"resources":[]},{"id":"85","title":"Yes, for multiple distributions","votes":"2","type":"x","order":"2","pct":50,"resources":[]},{"id":"86","title":"No","votes":"2","type":"x","order":"3","pct":50,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.