DSA 1759-1: New strongswan packages fix denial of service
Posted on: 03/31/2009 12:55 AM

The Debian Security Team published a new security update for Debian GNU/Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1759-1 security@debian.org
http://www.debian.org/security/ Steffen Joeris
March 30, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : strongswan
Vulnerability : denial of service
Problem type : remote
Debian-specific: no
CVE Id : CVE-2009-0790


Gerd v. Egidy discovered that the Pluto IKE daemon in strongswan, an
IPSec implementation for linux, is prone to a denial of service attack
via a malicious packet.


For the stable distribution (lenny), this problem has been fixed in
version 4.2.4-5+lenny1.

For the oldstable distribution (etch), this problem has been fixed in
version 2.8.0+dfsg-1+etch1.

For the testing distribution (squeeze) and the unstable distribution
(sid), this problem will be fixed soon.

We recommend that you upgrade your strongswan packages.


Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (oldstable)
- ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1.dsc
Size/MD5 checksum: 811 15760a0423c8cf0829c0f71d5424ab27
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg.orig.tar.gz
Size/MD5 checksum: 3155518 8b9ac905b9bcd41fb826e3d67e90a33d
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1.diff.gz
Size/MD5 checksum: 57545 276bae2bae3230bcef527b44f3b9fb99

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_alpha.deb
Size/MD5 checksum: 1197696 7fc7c6438f1c2739373c193784934461

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_amd64.deb
Size/MD5 checksum: 1100438 4004ce8cfc2b2de41712a4d73a520de2

arm architecture (ARM)

http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_arm.deb
Size/MD5 checksum: 1070794 dc1e10007ea82d547591052d032e0216

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_hppa.deb
Size/MD5 checksum: 1136062 9f5996ea05d930e0a7a361336263be58

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_i386.deb
Size/MD5 checksum: 1051780 25b41b38e8698a6f61b3f4f523ca52c7

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_ia64.deb
Size/MD5 checksum: 1454480 19818a3ec7756710ea1abfdbd9ebadcc

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_mips.deb
Size/MD5 checksum: 1124636 be7189aac59d98fbec7a9bf9a5f7b74d

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_mipsel.deb
Size/MD5 checksum: 1130402 25bdc2ca2651db73a88f079902a35f43

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_powerpc.deb
Size/MD5 checksum: 1097994 e1eb29c9c4dd776259178308a6b40a04

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_s390.deb
Size/MD5 checksum: 1084268 90b6459bb59a264eaf1aa2b26ed82acd

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_sparc.deb
Size/MD5 checksum: 1024106 9ad2a093d9efad364a0eb80a0f20057f


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1.dsc
Size/MD5 checksum: 1310 c6dc3521aee080f275ea0f65ded35bca
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1.diff.gz
Size/MD5 checksum: 57299 b6d1af4a7144d5289400f35dcd18eb5e
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4.orig.tar.gz
Size/MD5 checksum: 3295212 92ddfaedd6698bc6640927def271d476

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_alpha.deb
Size/MD5 checksum: 1301122 7c83dcbdcdb177e9bc83361d4c064f6d

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_amd64.deb
Size/MD5 checksum: 1178112 875f877f564c88b885ebf68be2478f0c

arm architecture (ARM)

http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_arm.deb
Size/MD5 checksum: 1034248 3c20d44508cc5255c3e6ad74cf9cac9c

armel architecture (ARM EABI)

http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_armel.deb
Size/MD5 checksum: 1034868 457ca8749ced0c177c5825ca953423e7

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_hppa.deb
Size/MD5 checksum: 1214270 353bde7aacb7e5a875ba8d715da70caa

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_i386.deb
Size/MD5 checksum: 1099806 02a117d38e15ecf3e0b2667985b7710e

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_ia64.deb
Size/MD5 checksum: 1615308 d0f1ed5581a772eecf3801a45d57ab95

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_mips.deb
Size/MD5 checksum: 1158540 656a66202077e4f55d24433af6ab3ce5

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_mipsel.deb
Size/MD5 checksum: 1157848 614cad1bdd081160a3fe74e3d1e4e902

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_powerpc.deb
Size/MD5 checksum: 1228470 6dbb9fa6379444c2f0cebba7fc417027

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_s390.deb
Size/MD5 checksum: 1258802 d92712a84cbb2d2c181546927d4f9f36

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_sparc.deb
Size/MD5 checksum: 1142494 cd69f7750be1e6cc0e83003e74480bde


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show lt;pkggt;' and http://packages.debian.org/lt;pkggt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAknRWVUACgkQ62zWxYk/rQcthACguH1lywBH1O1XrntR2Vocpnh2
yhwAn36Y2AGH1gdtwYxXMggU37a35Izc
=WEU7
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/dsa_1759_1_new_strongswan_packages_fix_denial_of_service.html)