| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 5 Apr 2005 17:59:53 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-107-1] racoon vulnerability
===========================================================
Ubuntu Security Notice USN-107-1 April 05, 2005
ipsec-tools vulnerability
CAN-2005-0398
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
racoon
The problem can be corrected by upgrading the affected package to
version 0.3.3-1ubuntu0.1. In general, a standard system upgrade is
sufficient to effect the necessary changes.
Details follow:
Sebastian Krahmer discovered a Denial of Service vulnerability in the
racoon daemon. By sending specially crafted ISAKMP packets, a remote
attacker could trigger a buffer overflow which caused racoon to crash.
This update does not introduce any source code changes affecting the
ipsec-tools package. It is necessary to update the version number of
the package in order to support an update to the "racoon" package.
Please note that racoon is not officially supported by Ubuntu (it is
in the "universe" component of the archive).
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.3.3-1ubuntu0.1.diff.gz
Size/MD5: 191538 4cde6e53403236be32d6640b0c3e0482
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.3.3-1ubuntu0.1.dsc
Size/MD5: 705 022ba833374033ad5089ff1250dd0360
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.3.3.orig.tar.gz
Size/MD5: 864122 b141da8ae299c8fdc53e536f6bbc3ad0
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.3.3-1ubuntu0.1_amd64.deb
Size/MD5: 106112 96d79a33ea9fca8a4e62b9be790ecc91
http://security.ubuntu.com/ubuntu/pool/universe/i/ipsec-tools/racoon_0.3.3-1ubuntu0.1_amd64.deb
Size/MD5: 201304 800c93f6ea50b99b635364b8acb98d7b
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.3.3-1ubuntu0.1_i386.deb
Size/MD5: 101104 f36df353beb372625da1aaefd7f641e5
http://security.ubuntu.com/ubuntu/pool/universe/i/ipsec-tools/racoon_0.3.3-1ubuntu0.1_i386.deb
Size/MD5: 186172 d0213fee3f32816c0e83c227064891fc
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.3.3-1ubuntu0.1_powerpc.deb
Size/MD5: 108824 cc6193f450715b21e4c16b8bea002399
http://security.ubuntu.com/ubuntu/pool/universe/i/ipsec-tools/racoon_0.3.3-1ubuntu0.1_powerpc.deb
Size/MD5: 195936 4ab4dd044d8f31d17d8022bcd8539370
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists