[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20090330234943.BC2CCB900E0@hannah.localdomain>
Date: Tue, 31 Mar 2009 10:49:43 +1100 (EST)
From: white@...ian.org (Steffen Joeris)
To: debian-security-announce@...ts.debian.org
Subject: [SECURITY] [DSA 1760-1] New openswan packages fix
denial of service
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1760-1 security@...ian.org
http://www.debian.org/security/ Steffen Joeris
March 30, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : openswan
Vulnerability : denial of service
Problem type : remote
Debian-specific: no
CVE Id : CVE-2008-4190 CVE-2009-0790
Debian Bug : 496374
Two vulnerabilities have been discovered in openswan, an IPSec
implementation for linux. The Common Vulnerabilities and Exposures
project identifies the following problems:
CVE-2008-4190
Dmitry E. Oboukhov discovered that the livetest tool is using temporary
files insecurely, which could lead to a denial of service attack.
CVE-2009-0790
Gerd v. Egidy discovered that the Pluto IKE daemon in openswan is prone
to a denial of service attack via a malicious packet.
For the stable distribution (lenny), this problem has been fixed in
version 2.4.12+dfsg-1.3+lenny1.
For the oldstable distribution (etch), this problem has been fixed in
version 2.4.6+dfsg.2-1.1+etch1.
For the testing distribution (squeeze) and the unstable distribution
(sid), this problem will be fixed soon.
We recommend that you upgrade your openswan packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1.diff.gz
Size/MD5 checksum: 92351 d43193ea57c9ba646aa9a2ae479c65dd
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2.orig.tar.gz
Size/MD5 checksum: 3555236 e5ef22979f8a67038f445746fdc7ff38
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1.dsc
Size/MD5 checksum: 887 0bb9a0b8fda2229aed2ea1e7755259db
Architecture independent packages:
http://security.debian.org/pool/updates/main/o/openswan/linux-patch-openswan_2.4.6+dfsg.2-1.1+etch1_all.deb
Size/MD5 checksum: 598920 7f24c626025d0725409fc5f282834859
http://security.debian.org/pool/updates/main/o/openswan/openswan-modules-source_2.4.6+dfsg.2-1.1+etch1_all.deb
Size/MD5 checksum: 525862 69a5d63858abbde46369f1178715bb23
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_alpha.deb
Size/MD5 checksum: 1742492 a6a7ab937c9a172c74e19bf85ed5af15
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_amd64.deb
Size/MD5 checksum: 1744812 6c1cd62d31174fce3dae9b8393594c73
arm architecture (ARM)
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_arm.deb
Size/MD5 checksum: 1719132 30678772efa350b67ba19b7eb5ebc4c2
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_hppa.deb
Size/MD5 checksum: 1758480 cc2108239ed20143d7dc8ead6c6cb6c0
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_i386.deb
Size/MD5 checksum: 1712448 07a390d204baaf83a5fb4cb6745a786a
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_ia64.deb
Size/MD5 checksum: 1930720 1c95baf380d131f78767af55841566ab
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_mips.deb
Size/MD5 checksum: 1692214 90f1710f68414a17fb4d29168746bbed
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_mipsel.deb
Size/MD5 checksum: 1697294 ce452a37b284bd1c49925482c4be6554
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_powerpc.deb
Size/MD5 checksum: 1667818 786f2533b336ced17cb15b988586c224
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_s390.deb
Size/MD5 checksum: 1671506 d8981c0fd7db865ae7a2172b7d6a4ffa
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_sparc.deb
Size/MD5 checksum: 1622248 f6cd4abafd3ddfdcc50ad4a346bde5cf
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1.dsc
Size/MD5 checksum: 1315 df7cd3ea125815e36b74b98857b3d5be
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg.orig.tar.gz
Size/MD5 checksum: 3765276 f753413e9c705dee9a23ab8db6c26ee4
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1.diff.gz
Size/MD5 checksum: 127288 eaed626706af274b44a51210f8eb9d13
Architecture independent packages:
http://security.debian.org/pool/updates/main/o/openswan/openswan-modules-source_2.4.12+dfsg-1.3+lenny1_all.deb
Size/MD5 checksum: 544388 a26397193d910b2b469fba692760e4a2
http://security.debian.org/pool/updates/main/o/openswan/linux-patch-openswan_2.4.12+dfsg-1.3+lenny1_all.deb
Size/MD5 checksum: 609908 dbbd73cc5402dc1b3e1ae205546f4d9f
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_alpha.deb
Size/MD5 checksum: 1754216 1b179d83df0d9efa17f6987e9c9501d8
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_amd64.deb
Size/MD5 checksum: 1772492 f330caae76805540227bf51974dbd6c6
arm architecture (ARM)
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_arm.deb
Size/MD5 checksum: 1756426 ca71fca809dd7268ae73365bfe13fd12
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_armel.deb
Size/MD5 checksum: 1736800 0d22e152defbd8f1c71831ac407ae34a
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_hppa.deb
Size/MD5 checksum: 1775916 a9fc238495fe9c5c7f770d08e677639b
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_i386.deb
Size/MD5 checksum: 1730858 3187b4ea1c4b4827e2016abb8ff44eae
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_ia64.deb
Size/MD5 checksum: 1964194 6fbf238ebc2e1294349985fb42ccab28
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_mips.deb
Size/MD5 checksum: 1703004 61a50f377061161973b841833752aafb
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_mipsel.deb
Size/MD5 checksum: 1709240 a0f724d83f9435684af2aec5a2386545
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_powerpc.deb
Size/MD5 checksum: 1710422 41aab00fccc6b17ae3d6a9a4aaccd729
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_s390.deb
Size/MD5 checksum: 1694918 31692764017d63e6a86f595ed9366e15
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_sparc.deb
Size/MD5 checksum: 1649130 681f2aa23b6d79c5ecf0e2dec3ffbd7f
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAknRWVgACgkQ62zWxYk/rQdM1ACgid0sGfS1kqadJoHaEW7L0pxI
Wh0An1+M7370NzQhtKcdCemYnVYfBjLK
=CeJG
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists