- ------------------------------------------------------------------------
Debian Security Advisory DSA-1760-1 security@debian.org
https://www.debian.org/security/ Steffen Joeris
March 30, 2009 https://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : openswan
Vulnerability : denial of service
Problem type : remote
Debian-specific: no
CVE Id : CVE-2008-4190 CVE-2009-0790
Debian Bug : 496374
Two vulnerabilities have been discovered in openswan, an IPSec
implementation for linux. The Common Vulnerabilities and Exposures
project identifies the following problems:
CVE-2008-4190
Dmitry E. Oboukhov discovered that the livetest tool is using temporary
files insecurely, which could lead to a denial of service attack.
CVE-2009-0790
Gerd v. Egidy discovered that the Pluto IKE daemon in openswan is prone
to a denial of service attack via a malicious packet.
For the stable distribution (lenny), this problem has been fixed in
version 2.4.12+dfsg-1.3+lenny1.
For the oldstable distribution (etch), this problem has been fixed in
version 2.4.6+dfsg.2-1.1+etch1.
For the testing distribution (squeeze) and the unstable distribution
(sid), this problem will be fixed soon.
We recommend that you upgrade your openswan packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
Size/MD5 checksum: 92351 d43193ea57c9ba646aa9a2ae479c65dd
Size/MD5 checksum: 3555236 e5ef22979f8a67038f445746fdc7ff38
Size/MD5 checksum: 887 0bb9a0b8fda2229aed2ea1e7755259db
Architecture independent packages:
Size/MD5 checksum: 598920 7f24c626025d0725409fc5f282834859
Size/MD5 checksum: 525862 69a5d63858abbde46369f1178715bb23
alpha architecture (DEC Alpha)
Size/MD5 checksum: 1742492 a6a7ab937c9a172c74e19bf85ed5af15
amd64 architecture (AMD x86_64 (AMD64))
Size/MD5 checksum: 1744812 6c1cd62d31174fce3dae9b8393594c73
arm architecture (ARM)
Size/MD5 checksum: 1719132 30678772efa350b67ba19b7eb5ebc4c2
hppa architecture (HP PA RISC)
Size/MD5 checksum: 1758480 cc2108239ed20143d7dc8ead6c6cb6c0
i386 architecture (Intel ia32)
Size/MD5 checksum: 1712448 07a390d204baaf83a5fb4cb6745a786a
ia64 architecture (Intel ia64)
Size/MD5 checksum: 1930720 1c95baf380d131f78767af55841566ab
mips architecture (MIPS (Big Endian))
Size/MD5 checksum: 1692214 90f1710f68414a17fb4d29168746bbed
mipsel architecture (MIPS (Little Endian))
Size/MD5 checksum: 1697294 ce452a37b284bd1c49925482c4be6554
powerpc architecture (PowerPC)
Size/MD5 checksum: 1667818 786f2533b336ced17cb15b988586c224
s390 architecture (IBM S/390)
Size/MD5 checksum: 1671506 d8981c0fd7db865ae7a2172b7d6a4ffa
sparc architecture (Sun SPARC/UltraSPARC)
Size/MD5 checksum: 1622248 f6cd4abafd3ddfdcc50ad4a346bde5cf
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
Size/MD5 checksum: 1315 df7cd3ea125815e36b74b98857b3d5be
Size/MD5 checksum: 3765276 f753413e9c705dee9a23ab8db6c26ee4
Size/MD5 checksum: 127288 eaed626706af274b44a51210f8eb9d13
Architecture independent packages:
Size/MD5 checksum: 544388 a26397193d910b2b469fba692760e4a2
Size/MD5 checksum: 609908 dbbd73cc5402dc1b3e1ae205546f4d9f
alpha architecture (DEC Alpha)
Size/MD5 checksum: 1754216 1b179d83df0d9efa17f6987e9c9501d8
amd64 architecture (AMD x86_64 (AMD64))
Size/MD5 checksum: 1772492 f330caae76805540227bf51974dbd6c6
arm architecture (ARM)
Size/MD5 checksum: 1756426 ca71fca809dd7268ae73365bfe13fd12
armel architecture (ARM EABI)
Size/MD5 checksum: 1736800 0d22e152defbd8f1c71831ac407ae34a
hppa architecture (HP PA RISC)
Size/MD5 checksum: 1775916 a9fc238495fe9c5c7f770d08e677639b
i386 architecture (Intel ia32)
Size/MD5 checksum: 1730858 3187b4ea1c4b4827e2016abb8ff44eae
ia64 architecture (Intel ia64)
Size/MD5 checksum: 1964194 6fbf238ebc2e1294349985fb42ccab28
mips architecture (MIPS (Big Endian))
Size/MD5 checksum: 1703004 61a50f377061161973b841833752aafb
mipsel architecture (MIPS (Little Endian))
Size/MD5 checksum: 1709240 a0f724d83f9435684af2aec5a2386545
powerpc architecture (PowerPC)
Size/MD5 checksum: 1710422 41aab00fccc6b17ae3d6a9a4aaccd729
s390 architecture (IBM S/390)
Size/MD5 checksum: 1694918 31692764017d63e6a86f595ed9366e15
sparc architecture (Sun SPARC/UltraSPARC)
Size/MD5 checksum: 1649130 681f2aa23b6d79c5ecf0e2dec3ffbd7f
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb https://security.debian.org/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and https://packages.debian.org/
Debian: DSA-1760-1: New openswan packages fix denial of service
March 31, 2009
Two vulnerabilities have been discovered in openswan, an IPSec implementation for linux
Summary
Two vulnerabilities have been discovered in openswan, an IPSec
implementation for linux. The Common Vulnerabilities and Exposures
project identifies the following problems:
CVE-2008-4190
Dmitry E. Oboukhov discovered that the livetest tool is using temporary
files insecurely, which could lead to a denial of service attack.
CVE-2009-0790
Gerd v. Egidy discovered that the Pluto IKE daemon in openswan is prone
to a denial of service attack via a malicious packet.
For the stable distribution (lenny), this problem has been fixed in
version 2.4.12+dfsg-1.3+lenny1.
For the oldstable distribution (etch), this problem has been fixed in
version 2.4.6+dfsg.2-1.1+etch1.
For the testing distribution (squeeze) and the unstable distribution
(sid), this problem will be fixed soon.
We recommend that you upgrade your openswan packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
Size/MD5 checksum: 92351 d43193ea57c9ba646aa9a2ae479c65dd
Size/MD5 checksum: 3555236 e5ef22979f8a67038f445746fdc7ff38
Size/MD5 checksum: 887 0bb9a0b8fda2229aed2ea1e7755259db
Architecture independent packages:
Size/MD5 checksum: 598920 7f24c626025d0725409fc5f282834859
Size/MD5 checksum: 525862 69a5d63858abbde46369f1178715bb23
alpha architecture (DEC Alpha)
Size/MD5 checksum: 1742492 a6a7ab937c9a172c74e19bf85ed5af15
amd64 architecture (AMD x86_64 (AMD64))
Size/MD5 checksum: 1744812 6c1cd62d31174fce3dae9b8393594c73
arm architecture (ARM)
Size/MD5 checksum: 1719132 30678772efa350b67ba19b7eb5ebc4c2
hppa architecture (HP PA RISC)
Size/MD5 checksum: 1758480 cc2108239ed20143d7dc8ead6c6cb6c0
i386 architecture (Intel ia32)
Size/MD5 checksum: 1712448 07a390d204baaf83a5fb4cb6745a786a
ia64 architecture (Intel ia64)
Size/MD5 checksum: 1930720 1c95baf380d131f78767af55841566ab
mips architecture (MIPS (Big Endian))
Size/MD5 checksum: 1692214 90f1710f68414a17fb4d29168746bbed
mipsel architecture (MIPS (Little Endian))
Size/MD5 checksum: 1697294 ce452a37b284bd1c49925482c4be6554
powerpc architecture (PowerPC)
Size/MD5 checksum: 1667818 786f2533b336ced17cb15b988586c224
s390 architecture (IBM S/390)
Size/MD5 checksum: 1671506 d8981c0fd7db865ae7a2172b7d6a4ffa
sparc architecture (Sun SPARC/UltraSPARC)
Size/MD5 checksum: 1622248 f6cd4abafd3ddfdcc50ad4a346bde5cf
Debian GNU/Linux 5.0 alias lenny
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
Size/MD5 checksum: 1315 df7cd3ea125815e36b74b98857b3d5be
Size/MD5 checksum: 3765276 f753413e9c705dee9a23ab8db6c26ee4
Size/MD5 checksum: 127288 eaed626706af274b44a51210f8eb9d13
Architecture independent packages:
Size/MD5 checksum: 544388 a26397193d910b2b469fba692760e4a2
Size/MD5 checksum: 609908 dbbd73cc5402dc1b3e1ae205546f4d9f
alpha architecture (DEC Alpha)
Size/MD5 checksum: 1754216 1b179d83df0d9efa17f6987e9c9501d8
amd64 architecture (AMD x86_64 (AMD64))
Size/MD5 checksum: 1772492 f330caae76805540227bf51974dbd6c6
arm architecture (ARM)
Size/MD5 checksum: 1756426 ca71fca809dd7268ae73365bfe13fd12
armel architecture (ARM EABI)
Size/MD5 checksum: 1736800 0d22e152defbd8f1c71831ac407ae34a
hppa architecture (HP PA RISC)
Size/MD5 checksum: 1775916 a9fc238495fe9c5c7f770d08e677639b
i386 architecture (Intel ia32)
Size/MD5 checksum: 1730858 3187b4ea1c4b4827e2016abb8ff44eae
ia64 architecture (Intel ia64)
Size/MD5 checksum: 1964194 6fbf238ebc2e1294349985fb42ccab28
mips architecture (MIPS (Big Endian))
Size/MD5 checksum: 1703004 61a50f377061161973b841833752aafb
mipsel architecture (MIPS (Little Endian))
Size/MD5 checksum: 1709240 a0f724d83f9435684af2aec5a2386545
powerpc architecture (PowerPC)
Size/MD5 checksum: 1710422 41aab00fccc6b17ae3d6a9a4aaccd729
s390 architecture (IBM S/390)
Size/MD5 checksum: 1694918 31692764017d63e6a86f595ed9366e15
sparc architecture (Sun SPARC/UltraSPARC)
Size/MD5 checksum: 1649130 681f2aa23b6d79c5ecf0e2dec3ffbd7f
These files will probably be moved into the stable distribution on
its next update.
For apt-get: deb https://security.debian.org/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show
Severity
News
HOWTOs
About Us
Powered By
