LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 20th, 2014
Linux Advisory Watch: October 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: New openswan packages fix denial of service Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian Two vulnerabilities have been discovered in openswan, an IPSec implementation for linux.
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1760-1                  security@debian.org
http://www.debian.org/security/                      Steffen Joeris
March 30, 2009                   	http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : openswan
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE Id         : CVE-2008-4190 CVE-2009-0790
Debian Bug     : 496374


Two vulnerabilities have been discovered in openswan, an IPSec
implementation for linux. The Common Vulnerabilities and Exposures
project identifies the following problems:


CVE-2008-4190

Dmitry E. Oboukhov discovered that the livetest tool is using temporary
files insecurely, which could lead to a denial of service attack.


CVE-2009-0790

Gerd v. Egidy discovered that the Pluto IKE daemon in openswan is prone
to a denial of service attack via a malicious packet.


For the stable distribution (lenny), this problem has been fixed in
version 2.4.12+dfsg-1.3+lenny1.

For the oldstable distribution (etch), this problem has been fixed in
version 2.4.6+dfsg.2-1.1+etch1.

For the testing distribution (squeeze) and the unstable distribution
(sid), this problem will be fixed soon.

We recommend that you upgrade your openswan packages.


Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (oldstable)
- ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1.diff.gz
    Size/MD5 checksum:    92351 d43193ea57c9ba646aa9a2ae479c65dd
  http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2.orig.tar.gz
    Size/MD5 checksum:  3555236 e5ef22979f8a67038f445746fdc7ff38
  http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1.dsc
    Size/MD5 checksum:      887 0bb9a0b8fda2229aed2ea1e7755259db

Architecture independent packages:

  http://security.debian.org/pool/updates/main/o/openswan/linux-patch-openswan_2.4.6+dfsg.2-1.1+etch1_all.deb
    Size/MD5 checksum:   598920 7f24c626025d0725409fc5f282834859
  http://security.debian.org/pool/updates/main/o/openswan/openswan-modules-source_2.4.6+dfsg.2-1.1+etch1_all.deb
    Size/MD5 checksum:   525862 69a5d63858abbde46369f1178715bb23

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_alpha.deb
    Size/MD5 checksum:  1742492 a6a7ab937c9a172c74e19bf85ed5af15

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_amd64.deb
    Size/MD5 checksum:  1744812 6c1cd62d31174fce3dae9b8393594c73

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_arm.deb
    Size/MD5 checksum:  1719132 30678772efa350b67ba19b7eb5ebc4c2

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_hppa.deb
    Size/MD5 checksum:  1758480 cc2108239ed20143d7dc8ead6c6cb6c0

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_i386.deb
    Size/MD5 checksum:  1712448 07a390d204baaf83a5fb4cb6745a786a

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_ia64.deb
    Size/MD5 checksum:  1930720 1c95baf380d131f78767af55841566ab

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_mips.deb
    Size/MD5 checksum:  1692214 90f1710f68414a17fb4d29168746bbed

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_mipsel.deb
    Size/MD5 checksum:  1697294 ce452a37b284bd1c49925482c4be6554

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_powerpc.deb
    Size/MD5 checksum:  1667818 786f2533b336ced17cb15b988586c224

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_s390.deb
    Size/MD5 checksum:  1671506 d8981c0fd7db865ae7a2172b7d6a4ffa

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_sparc.deb
    Size/MD5 checksum:  1622248 f6cd4abafd3ddfdcc50ad4a346bde5cf


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1.dsc
    Size/MD5 checksum:     1315 df7cd3ea125815e36b74b98857b3d5be
  http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg.orig.tar.gz
    Size/MD5 checksum:  3765276 f753413e9c705dee9a23ab8db6c26ee4
  http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1.diff.gz
    Size/MD5 checksum:   127288 eaed626706af274b44a51210f8eb9d13

Architecture independent packages:

  http://security.debian.org/pool/updates/main/o/openswan/openswan-modules-source_2.4.12+dfsg-1.3+lenny1_all.deb
    Size/MD5 checksum:   544388 a26397193d910b2b469fba692760e4a2
  http://security.debian.org/pool/updates/main/o/openswan/linux-patch-openswan_2.4.12+dfsg-1.3+lenny1_all.deb
    Size/MD5 checksum:   609908 dbbd73cc5402dc1b3e1ae205546f4d9f

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_alpha.deb
    Size/MD5 checksum:  1754216 1b179d83df0d9efa17f6987e9c9501d8

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_amd64.deb
    Size/MD5 checksum:  1772492 f330caae76805540227bf51974dbd6c6

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_arm.deb
    Size/MD5 checksum:  1756426 ca71fca809dd7268ae73365bfe13fd12

armel architecture (ARM EABI)

  http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_armel.deb
    Size/MD5 checksum:  1736800 0d22e152defbd8f1c71831ac407ae34a

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_hppa.deb
    Size/MD5 checksum:  1775916 a9fc238495fe9c5c7f770d08e677639b

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_i386.deb
    Size/MD5 checksum:  1730858 3187b4ea1c4b4827e2016abb8ff44eae

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_ia64.deb
    Size/MD5 checksum:  1964194 6fbf238ebc2e1294349985fb42ccab28

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_mips.deb
    Size/MD5 checksum:  1703004 61a50f377061161973b841833752aafb

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_mipsel.deb
    Size/MD5 checksum:  1709240 a0f724d83f9435684af2aec5a2386545

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_powerpc.deb
    Size/MD5 checksum:  1710422 41aab00fccc6b17ae3d6a9a4aaccd729

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_s390.deb
    Size/MD5 checksum:  1694918 31692764017d63e6a86f595ed9366e15

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_sparc.deb
    Size/MD5 checksum:  1649130 681f2aa23b6d79c5ecf0e2dec3ffbd7f


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Mobile Device Encryption Could Lead to a ‘Very, Very Dark Place’, FBI Director Says
What a hacker can learn about your life from the coffee shop’s Wi-Fi network
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.