-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1898-1                  security@debian.org
http://www.debian.org/security/                           Florian Weimer
October 02, 2009                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : openswan
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2009-2185

It was discovered that the pluto daemon in the openswan, an
implementation of IPSEC and IKE, could crash when processing a crafted
X.509 certificate.

For the old stable distribution (etch), this problem has been fixed in
version 2.4.6+dfsg.2-1.1+etch2.

For the stable distribution (lenny), this problem has been fixed in
version 2.4.12+dfsg-1.3+lenny2.

For the unstable distribution (sid), this problem has been fixed in
version 2.6.22+dfsg-1.

We recommend that you upgrade your openswan package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

      Size/MD5 checksum:  3555236 e5ef22979f8a67038f445746fdc7ff38
      Size/MD5 checksum:    91729 e7772358f397628f18f8590b2381a360
      Size/MD5 checksum:      879 3210a5ae193686c4f7fcd54c7855d720

Architecture independent packages:

      Size/MD5 checksum:   522838 0368797b593a98c90d6e06cbe6743413
      Size/MD5 checksum:   599200 1780b2e6a74358d4caf2bde57f3b8f17

alpha architecture (DEC Alpha)

      Size/MD5 checksum:  1798002 0c82e879ab4437375188a65edc88dc3c

amd64 architecture (AMD x86_64 (AMD64))

      Size/MD5 checksum:  1675158 db6086977260bbb4bb122d1bab3d3af5

arm architecture (ARM)

      Size/MD5 checksum:  1718930 99c1b3db0733aa752802d3bac61dee5a

hppa architecture (HP PA RISC)

      Size/MD5 checksum:  1771158 7342b46f65862bee24eb47e6d19d3a33

i386 architecture (Intel ia32)

      Size/MD5 checksum:  1698718 4149cea4bc3176f5882e4c7f84eabf56

ia64 architecture (Intel ia64)

      Size/MD5 checksum:  1930186 e1026107147145804d91567013b23329

mips architecture (MIPS (Big Endian))

      Size/MD5 checksum:  1692076 2b7f7d0c3bda2016453e91424c6a483a

mipsel architecture (MIPS (Little Endian))

      Size/MD5 checksum:  1697442 5ab952bf26a3b392b5c9ef1406a24019

powerpc architecture (PowerPC)

      Size/MD5 checksum:  1667696 e84e9f2d87d6cf1b544e650867877c4e

s390 architecture (IBM S/390)

      Size/MD5 checksum:  1671262 7d9b4488c61b3261478e4598e2d1cbe9

sparc architecture (Sun SPARC/UltraSPARC)

      Size/MD5 checksum:  1689370 f00222a3310c2758204de6ded56cfa4b

Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Source archives:

      Size/MD5 checksum:     1315 2eb502ff966ff81e9da9930889f6199c
      Size/MD5 checksum:  3765276 f753413e9c705dee9a23ab8db6c26ee4
      Size/MD5 checksum:   145354 d0ef8b06a64471210268de94f79bfcbe

Architecture independent packages:

      Size/MD5 checksum:   613180 a589be2a64b1715d209f9c28a5654ea6
      Size/MD5 checksum:   537728 e0f72fde54078d6fc805fe27f1a4c688

alpha architecture (DEC Alpha)

      Size/MD5 checksum:  1825688 cecb628caabdc6848734f335e4b14813

amd64 architecture (AMD x86_64 (AMD64))

      Size/MD5 checksum:  1767032 12f084adacc24ebe4f03c6106b6ecc11

arm architecture (ARM)

      Size/MD5 checksum:  1756446 b07bc1876b226a960afcf443cebdf868

armel architecture (ARM EABI)

      Size/MD5 checksum:  1736620 d3f87f7a3756ab47bedeb23cbabc7c29

hppa architecture (HP PA RISC)

      Size/MD5 checksum:  1805586 c0d564fc0db6241a52bd5e20fadeecb9

i386 architecture (Intel ia32)

      Size/MD5 checksum:  1722564 6d6f09820c51c80105b83c5369b94815

ia64 architecture (Intel ia64)

      Size/MD5 checksum:  1964688 ccd9a5a84b6c9517f5cfa65aee91872d

mips architecture (MIPS (Big Endian))

      Size/MD5 checksum:  1703500 c1570749962f3d983ce6ab3589ed60ae

mipsel architecture (MIPS (Little Endian))

      Size/MD5 checksum:  1710082 1c220e8c8244141f67ae46267ed89844

powerpc architecture (PowerPC)

      Size/MD5 checksum:  1710982 39f9f36c47954570d88c089ce23d7d32

s390 architecture (IBM S/390)

      Size/MD5 checksum:  1695204 d6b47d731eddfd3a443aea2c5e233147

sparc architecture (Sun SPARC/UltraSPARC)

      Size/MD5 checksum:  1717100 e0c7c8bab8e8da06ad88bfa47431b7b1


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp:  dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

Debian: DSA-1898-1: New openswan packages fix denial of service

October 2, 2009
It was discovered that the pluto daemon in the openswan, an implementation of IPSEC and IKE, could crash when processing a crafted X.509 certificate

Summary

It was discovered that the pluto daemon in the openswan, an
implementation of IPSEC and IKE, could crash when processing a crafted
X.509 certificate.

For the old stable distribution (etch), this problem has been fixed in
version 2.4.6+dfsg.2-1.1+etch2.

For the stable distribution (lenny), this problem has been fixed in
version 2.4.12+dfsg-1.3+lenny2.

For the unstable distribution (sid), this problem has been fixed in
version 2.6.22+dfsg-1.

We recommend that you upgrade your openswan package.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch

Source archives:

Size/MD5 checksum: 3555236 e5ef22979f8a67038f445746fdc7ff38
Size/MD5 checksum: 91729 e7772358f397628f18f8590b2381a360
Size/MD5 checksum: 879 3210a5ae193686c4f7fcd54c7855d720

Architecture independent packages:

Size/MD5 checksum: 522838 0368797b593a98c90d6e06cbe6743413
Size/MD5 checksum: 599200 1780b2e6a74358d4caf2bde57f3b8f17

alpha architecture (DEC Alpha)

Size/MD5 checksum: 1798002 0c82e879ab4437375188a65edc88dc3c

amd64 architecture (AMD x86_64 (AMD64))

Size/MD5 checksum: 1675158 db6086977260bbb4bb122d1bab3d3af5

arm architecture (ARM)

Size/MD5 checksum: 1718930 99c1b3db0733aa752802d3bac61dee5a

hppa architecture (HP PA RISC)

Size/MD5 checksum: 1771158 7342b46f65862bee24eb47e6d19d3a33

i386 architecture (Intel ia32)

Size/MD5 checksum: 1698718 4149cea4bc3176f5882e4c7f84eabf56

ia64 architecture (Intel ia64)

Size/MD5 checksum: 1930186 e1026107147145804d91567013b23329

mips architecture (MIPS (Big Endian))

Size/MD5 checksum: 1692076 2b7f7d0c3bda2016453e91424c6a483a

mipsel architecture (MIPS (Little Endian))

Size/MD5 checksum: 1697442 5ab952bf26a3b392b5c9ef1406a24019

powerpc architecture (PowerPC)

Size/MD5 checksum: 1667696 e84e9f2d87d6cf1b544e650867877c4e

s390 architecture (IBM S/390)

Size/MD5 checksum: 1671262 7d9b4488c61b3261478e4598e2d1cbe9

sparc architecture (Sun SPARC/UltraSPARC)

Size/MD5 checksum: 1689370 f00222a3310c2758204de6ded56cfa4b

Debian GNU/Linux 5.0 alias lenny

Source archives:

Size/MD5 checksum: 1315 2eb502ff966ff81e9da9930889f6199c
Size/MD5 checksum: 3765276 f753413e9c705dee9a23ab8db6c26ee4
Size/MD5 checksum: 145354 d0ef8b06a64471210268de94f79bfcbe

Architecture independent packages:

Size/MD5 checksum: 613180 a589be2a64b1715d209f9c28a5654ea6
Size/MD5 checksum: 537728 e0f72fde54078d6fc805fe27f1a4c688

alpha architecture (DEC Alpha)

Size/MD5 checksum: 1825688 cecb628caabdc6848734f335e4b14813

amd64 architecture (AMD x86_64 (AMD64))

Size/MD5 checksum: 1767032 12f084adacc24ebe4f03c6106b6ecc11

arm architecture (ARM)

Size/MD5 checksum: 1756446 b07bc1876b226a960afcf443cebdf868

armel architecture (ARM EABI)

Size/MD5 checksum: 1736620 d3f87f7a3756ab47bedeb23cbabc7c29

hppa architecture (HP PA RISC)

Size/MD5 checksum: 1805586 c0d564fc0db6241a52bd5e20fadeecb9

i386 architecture (Intel ia32)

Size/MD5 checksum: 1722564 6d6f09820c51c80105b83c5369b94815

ia64 architecture (Intel ia64)

Size/MD5 checksum: 1964688 ccd9a5a84b6c9517f5cfa65aee91872d

mips architecture (MIPS (Big Endian))

Size/MD5 checksum: 1703500 c1570749962f3d983ce6ab3589ed60ae

mipsel architecture (MIPS (Little Endian))

Size/MD5 checksum: 1710082 1c220e8c8244141f67ae46267ed89844

powerpc architecture (PowerPC)

Size/MD5 checksum: 1710982 39f9f36c47954570d88c089ce23d7d32

s390 architecture (IBM S/390)

Size/MD5 checksum: 1695204 d6b47d731eddfd3a443aea2c5e233147

sparc architecture (Sun SPARC/UltraSPARC)

Size/MD5 checksum: 1717100 e0c7c8bab8e8da06ad88bfa47431b7b1


These files will probably be moved into the stable distribution on
its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

Severity
Package : openswan
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-2185

Related News

19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved