Debian: DSA-1899-1: New strongswan packages fix denial of service

    Date02 Oct 2009
    CategoryDebian
    27
    Posted ByLinuxSecurity Advisories
    Several remote vulnerabilities have been discovered in strongswan, an implementation of the IPSEC and IKE protocols. The Common Vulnerabilities and Exposures project identifies the following problems:
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1899-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                           Florian Weimer
    October 02, 2009                      http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : strongswan
    Vulnerability  : several
    Problem type   : remote
    Debian-specific: no
    CVE Id(s)      : CVE-2009-1957 CVE-2009-1958 CVE-2009-2185 CVE-2009-2661
    Debian Bug     : 531612 533837 540144
    
    Several remote vulnerabilities have been discovered in strongswan, an
    implementation of the IPSEC and IKE protocols.  The Common
    Vulnerabilities and Exposures project identifies the following
    problems:
    
    CVE-2009-1957
    CVE-2009-1958
    
    The charon daemon can crash when processing certain crafted IKEv2
    packets.  (The old stable distribution (etch) was not affected by
    these two problems because it lacks IKEv2 support.)
    
    CVE-2009-2185
    CVE-2009-2661
    
    The pluto daemon could crash when processing a crafted X.509
    certificate.
    
    For the old stable distribution (etch), these problems have been fixed
    in version 2.8.0+dfsg-1+etch2.
    
    For the stable distribution (lenny), these problems have been fixed in
    version 4.2.4-5+lenny3.
    
    For the unstable distribution (sid), these problems have been fixed in
    version 4.3.2-1.1.
    
    We recommend that you upgrade your strongswan packages.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2.diff.gz
        Size/MD5 checksum:    58570 945cc03b76743138f14b9719a204fedb
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg.orig.tar.gz
        Size/MD5 checksum:  3155518 8b9ac905b9bcd41fb826e3d67e90a33d
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2.dsc
        Size/MD5 checksum:      811 6787c4f1c81bc390d2d4c5ef7cd1f004
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_alpha.deb
        Size/MD5 checksum:  1210988 0ea0beeecfd0569a417cdd7a8890afa0
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_amd64.deb
        Size/MD5 checksum:  1100154 e7975b7c9593e6813b1ab2391488fd5e
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_arm.deb
        Size/MD5 checksum:  1070960 49bb60a09eeffd0b82abea6a742099ea
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_hppa.deb
        Size/MD5 checksum:  1133960 e2fd0221197dfc3624ff95095453883a
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_i386.deb
        Size/MD5 checksum:  1054160 3859569cbea184e01cb17158458a86e0
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_ia64.deb
        Size/MD5 checksum:  1453188 ef4f77c2fafc736399b1cf24eba13ab2
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_mips.deb
        Size/MD5 checksum:  1124320 b163fda8163d818f160658bc2b1a764c
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_mipsel.deb
        Size/MD5 checksum:  1129922 d6ae9af171b053e87e4cff2ed30588f1
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_powerpc.deb
        Size/MD5 checksum:  1097810 c9f14e78602cf64488374ff27edb9fa4
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_s390.deb
        Size/MD5 checksum:  1083894 3dac1f759f83817c674e29a9db14dc48
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_sparc.deb
        Size/MD5 checksum:  1030670 e52adc5269d580dd987d1a6a6d031872
    
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3.diff.gz
        Size/MD5 checksum:    61133 b619f96758667d0968c5572c3014d8be
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3.dsc
        Size/MD5 checksum:     1602 1ea34a8afadc1d588b11d89d9e40a12b
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4.orig.tar.gz
        Size/MD5 checksum:  3295212 92ddfaedd6698bc6640927def271d476
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_alpha.deb
        Size/MD5 checksum:  1301924 9b04ce068a381ae22f56649c68651986
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_amd64.deb
        Size/MD5 checksum:  1180738 035f9bb4259a1e3f2399680a1683a98f
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_arm.deb
        Size/MD5 checksum:  1028530 f28fcfb750422e4f586510cd7f9f911a
    
    armel architecture (ARM EABI)
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_armel.deb
        Size/MD5 checksum:  1035544 88390cad9b508b2c8fad0aa35dc8239e
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_hppa.deb
        Size/MD5 checksum:  1217010 94c648fa6a84688768e9b1a879a9f2db
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_i386.deb
        Size/MD5 checksum:  1099208 348f57f1abb9b9c29f7ce63454b6b52a
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_ia64.deb
        Size/MD5 checksum:  1616200 0ce2671a1eaa92a58ffa749c08acbc83
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_mips.deb
        Size/MD5 checksum:  1159422 3147d506d48de6277ac13d313ba8a4f7
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_mipsel.deb
        Size/MD5 checksum:  1158848 1a4f6c94e451e86baa7cae2afecd037e
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_powerpc.deb
        Size/MD5 checksum:  1229396 4c9c95a6f7e1449d788b1fc467643a56
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_s390.deb
        Size/MD5 checksum:  1259906 78a3c024f40ccb2d2f2b82e30c978720
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_sparc.deb
        Size/MD5 checksum:  1143570 0acb2853fafd6396147fdb019cadc412
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and http://packages.debian.org/
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"7","type":"x","order":"1","pct":58.33,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":25,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"2","type":"x","order":"3","pct":16.67,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.