Debian: DSA-1760-1: New openswan packages fix denial of service

    Date31 Mar 2009
    CategoryDebian
    77
    Posted ByLinuxSecurity Advisories
    Two vulnerabilities have been discovered in openswan, an IPSec implementation for linux. The Common Vulnerabilities and Exposures project identifies the following problems:
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1760-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                      Steffen Joeris
    March 30, 2009                   	http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : openswan
    Vulnerability  : denial of service
    Problem type   : remote
    Debian-specific: no
    CVE Id         : CVE-2008-4190 CVE-2009-0790
    Debian Bug     : 496374
    
    
    Two vulnerabilities have been discovered in openswan, an IPSec
    implementation for linux. The Common Vulnerabilities and Exposures
    project identifies the following problems:
    
    
    CVE-2008-4190
    
    Dmitry E. Oboukhov discovered that the livetest tool is using temporary
    files insecurely, which could lead to a denial of service attack.
    
    
    CVE-2009-0790
    
    Gerd v. Egidy discovered that the Pluto IKE daemon in openswan is prone
    to a denial of service attack via a malicious packet.
    
    
    For the stable distribution (lenny), this problem has been fixed in
    version 2.4.12+dfsg-1.3+lenny1.
    
    For the oldstable distribution (etch), this problem has been fixed in
    version 2.4.6+dfsg.2-1.1+etch1.
    
    For the testing distribution (squeeze) and the unstable distribution
    (sid), this problem will be fixed soon.
    
    We recommend that you upgrade your openswan packages.
    
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    
    Debian (oldstable)
    - ------------------
    
    Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1.diff.gz
        Size/MD5 checksum:    92351 d43193ea57c9ba646aa9a2ae479c65dd
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2.orig.tar.gz
        Size/MD5 checksum:  3555236 e5ef22979f8a67038f445746fdc7ff38
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1.dsc
        Size/MD5 checksum:      887 0bb9a0b8fda2229aed2ea1e7755259db
    
    Architecture independent packages:
    
      http://security.debian.org/pool/updates/main/o/openswan/linux-patch-openswan_2.4.6+dfsg.2-1.1+etch1_all.deb
        Size/MD5 checksum:   598920 7f24c626025d0725409fc5f282834859
      http://security.debian.org/pool/updates/main/o/openswan/openswan-modules-source_2.4.6+dfsg.2-1.1+etch1_all.deb
        Size/MD5 checksum:   525862 69a5d63858abbde46369f1178715bb23
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_alpha.deb
        Size/MD5 checksum:  1742492 a6a7ab937c9a172c74e19bf85ed5af15
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_amd64.deb
        Size/MD5 checksum:  1744812 6c1cd62d31174fce3dae9b8393594c73
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_arm.deb
        Size/MD5 checksum:  1719132 30678772efa350b67ba19b7eb5ebc4c2
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_hppa.deb
        Size/MD5 checksum:  1758480 cc2108239ed20143d7dc8ead6c6cb6c0
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_i386.deb
        Size/MD5 checksum:  1712448 07a390d204baaf83a5fb4cb6745a786a
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_ia64.deb
        Size/MD5 checksum:  1930720 1c95baf380d131f78767af55841566ab
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_mips.deb
        Size/MD5 checksum:  1692214 90f1710f68414a17fb4d29168746bbed
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_mipsel.deb
        Size/MD5 checksum:  1697294 ce452a37b284bd1c49925482c4be6554
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_powerpc.deb
        Size/MD5 checksum:  1667818 786f2533b336ced17cb15b988586c224
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_s390.deb
        Size/MD5 checksum:  1671506 d8981c0fd7db865ae7a2172b7d6a4ffa
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_sparc.deb
        Size/MD5 checksum:  1622248 f6cd4abafd3ddfdcc50ad4a346bde5cf
    
    
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    
    Debian (stable)
    - ---------------
    
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1.dsc
        Size/MD5 checksum:     1315 df7cd3ea125815e36b74b98857b3d5be
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg.orig.tar.gz
        Size/MD5 checksum:  3765276 f753413e9c705dee9a23ab8db6c26ee4
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1.diff.gz
        Size/MD5 checksum:   127288 eaed626706af274b44a51210f8eb9d13
    
    Architecture independent packages:
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan-modules-source_2.4.12+dfsg-1.3+lenny1_all.deb
        Size/MD5 checksum:   544388 a26397193d910b2b469fba692760e4a2
      http://security.debian.org/pool/updates/main/o/openswan/linux-patch-openswan_2.4.12+dfsg-1.3+lenny1_all.deb
        Size/MD5 checksum:   609908 dbbd73cc5402dc1b3e1ae205546f4d9f
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_alpha.deb
        Size/MD5 checksum:  1754216 1b179d83df0d9efa17f6987e9c9501d8
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_amd64.deb
        Size/MD5 checksum:  1772492 f330caae76805540227bf51974dbd6c6
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_arm.deb
        Size/MD5 checksum:  1756426 ca71fca809dd7268ae73365bfe13fd12
    
    armel architecture (ARM EABI)
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_armel.deb
        Size/MD5 checksum:  1736800 0d22e152defbd8f1c71831ac407ae34a
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_hppa.deb
        Size/MD5 checksum:  1775916 a9fc238495fe9c5c7f770d08e677639b
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_i386.deb
        Size/MD5 checksum:  1730858 3187b4ea1c4b4827e2016abb8ff44eae
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_ia64.deb
        Size/MD5 checksum:  1964194 6fbf238ebc2e1294349985fb42ccab28
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_mips.deb
        Size/MD5 checksum:  1703004 61a50f377061161973b841833752aafb
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_mipsel.deb
        Size/MD5 checksum:  1709240 a0f724d83f9435684af2aec5a2386545
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_powerpc.deb
        Size/MD5 checksum:  1710422 41aab00fccc6b17ae3d6a9a4aaccd729
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_s390.deb
        Size/MD5 checksum:  1694918 31692764017d63e6a86f595ed9366e15
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_sparc.deb
        Size/MD5 checksum:  1649130 681f2aa23b6d79c5ecf0e2dec3ffbd7f
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and http://packages.debian.org/
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"15","type":"x","order":"1","pct":53.57,"resources":[]},{"id":"88","title":"Should be more technical","votes":"4","type":"x","order":"2","pct":14.29,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"9","type":"x","order":"3","pct":32.14,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.