SciLinux: CVE-2009-2185 Important: openswan SL5.x i386/x86_64
Summary
Date: Thu, 2 Jul 2009 16:48:52 -0500
Reply-To: Troy Dawson
Sender: Security Errata for Scientific Linux
From: Troy Dawson
Subject: Security ERRATA Important: openswan on SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"

Synopsis: Important: openswan security update
Issue date: 2009-07-02
CVE Names: CVE-2009-2185

Multiple insufficient input validation flaws were found in the way Openswan's pluto IKE daemon processed some fields of X.509 certificates. A remote attacker could provide a specially-crafted X.509 certificate that would crash the pluto daemon. (CVE-2009-2185)

After installing this update, the ipsec service will be restarted automatically.

SL 5.x

SRPMS:
openswan-2.6.14-1.el5_3.3.src.rpm

i386:
openswan-2.6.14-1.el5_3.3.i386.rpm
openswan-doc-2.6.14-1.el5_3.3.i386.rpm

x86_64:
openswan-2.6.14-1.el5_3.3.x86_64.rpm
openswan-doc-2.6.14-1.el5_3.3.x86_64.rpm

-Connie Sieh
-Troy Dawson