Debian: DSA-1898-1: New openswan packages fix denial of service

    Date02 Oct 2009
    CategoryDebian
    22
    Posted ByLinuxSecurity Advisories
    It was discovered that the pluto daemon in the openswan, an implementation of IPSEC and IKE, could crash when processing a crafted X.509 certificate.
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1898-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                           Florian Weimer
    October 02, 2009                      http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : openswan
    Problem type   : remote
    Debian-specific: no
    CVE Id(s)      : CVE-2009-2185
    
    It was discovered that the pluto daemon in the openswan, an
    implementation of IPSEC and IKE, could crash when processing a crafted
    X.509 certificate.
    
    For the old stable distribution (etch), this problem has been fixed in
    version 2.4.6+dfsg.2-1.1+etch2.
    
    For the stable distribution (lenny), this problem has been fixed in
    version 2.4.12+dfsg-1.3+lenny2.
    
    For the unstable distribution (sid), this problem has been fixed in
    version 2.6.22+dfsg-1.
    
    We recommend that you upgrade your openswan package.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2.orig.tar.gz
        Size/MD5 checksum:  3555236 e5ef22979f8a67038f445746fdc7ff38
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2.diff.gz
        Size/MD5 checksum:    91729 e7772358f397628f18f8590b2381a360
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2.dsc
        Size/MD5 checksum:      879 3210a5ae193686c4f7fcd54c7855d720
    
    Architecture independent packages:
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan-modules-source_2.4.6+dfsg.2-1.1+etch2_all.deb
        Size/MD5 checksum:   522838 0368797b593a98c90d6e06cbe6743413
      http://security.debian.org/pool/updates/main/o/openswan/linux-patch-openswan_2.4.6+dfsg.2-1.1+etch2_all.deb
        Size/MD5 checksum:   599200 1780b2e6a74358d4caf2bde57f3b8f17
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_alpha.deb
        Size/MD5 checksum:  1798002 0c82e879ab4437375188a65edc88dc3c
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_amd64.deb
        Size/MD5 checksum:  1675158 db6086977260bbb4bb122d1bab3d3af5
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_arm.deb
        Size/MD5 checksum:  1718930 99c1b3db0733aa752802d3bac61dee5a
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_hppa.deb
        Size/MD5 checksum:  1771158 7342b46f65862bee24eb47e6d19d3a33
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_i386.deb
        Size/MD5 checksum:  1698718 4149cea4bc3176f5882e4c7f84eabf56
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_ia64.deb
        Size/MD5 checksum:  1930186 e1026107147145804d91567013b23329
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_mips.deb
        Size/MD5 checksum:  1692076 2b7f7d0c3bda2016453e91424c6a483a
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_mipsel.deb
        Size/MD5 checksum:  1697442 5ab952bf26a3b392b5c9ef1406a24019
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_powerpc.deb
        Size/MD5 checksum:  1667696 e84e9f2d87d6cf1b544e650867877c4e
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_s390.deb
        Size/MD5 checksum:  1671262 7d9b4488c61b3261478e4598e2d1cbe9
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_sparc.deb
        Size/MD5 checksum:  1689370 f00222a3310c2758204de6ded56cfa4b
    
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2.dsc
        Size/MD5 checksum:     1315 2eb502ff966ff81e9da9930889f6199c
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg.orig.tar.gz
        Size/MD5 checksum:  3765276 f753413e9c705dee9a23ab8db6c26ee4
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2.diff.gz
        Size/MD5 checksum:   145354 d0ef8b06a64471210268de94f79bfcbe
    
    Architecture independent packages:
    
      http://security.debian.org/pool/updates/main/o/openswan/linux-patch-openswan_2.4.12+dfsg-1.3+lenny2_all.deb
        Size/MD5 checksum:   613180 a589be2a64b1715d209f9c28a5654ea6
      http://security.debian.org/pool/updates/main/o/openswan/openswan-modules-source_2.4.12+dfsg-1.3+lenny2_all.deb
        Size/MD5 checksum:   537728 e0f72fde54078d6fc805fe27f1a4c688
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2_alpha.deb
        Size/MD5 checksum:  1825688 cecb628caabdc6848734f335e4b14813
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2_amd64.deb
        Size/MD5 checksum:  1767032 12f084adacc24ebe4f03c6106b6ecc11
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2_arm.deb
        Size/MD5 checksum:  1756446 b07bc1876b226a960afcf443cebdf868
    
    armel architecture (ARM EABI)
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2_armel.deb
        Size/MD5 checksum:  1736620 d3f87f7a3756ab47bedeb23cbabc7c29
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2_hppa.deb
        Size/MD5 checksum:  1805586 c0d564fc0db6241a52bd5e20fadeecb9
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2_i386.deb
        Size/MD5 checksum:  1722564 6d6f09820c51c80105b83c5369b94815
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2_ia64.deb
        Size/MD5 checksum:  1964688 ccd9a5a84b6c9517f5cfa65aee91872d
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2_mips.deb
        Size/MD5 checksum:  1703500 c1570749962f3d983ce6ab3589ed60ae
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2_mipsel.deb
        Size/MD5 checksum:  1710082 1c220e8c8244141f67ae46267ed89844
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2_powerpc.deb
        Size/MD5 checksum:  1710982 39f9f36c47954570d88c089ce23d7d32
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2_s390.deb
        Size/MD5 checksum:  1695204 d6b47d731eddfd3a443aea2c5e233147
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2_sparc.deb
        Size/MD5 checksum:  1717100 e0c7c8bab8e8da06ad88bfa47431b7b1
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and http://packages.debian.org/
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"8","type":"x","order":"1","pct":57.14,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":21.43,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"3","type":"x","order":"3","pct":21.43,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.