DSA 1760-1: New openswan packages fix denial of service
Posted on: 03/31/2009 03:10 AM

The Debian Security Team published a new security update for Debian GNU/Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1760-1 security@debian.org
http://www.debian.org/security/ Steffen Joeris
March 30, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : openswan
Vulnerability : denial of service
Problem type : remote
Debian-specific: no
CVE Id : CVE-2008-4190 CVE-2009-0790
Debian Bug : 496374


Two vulnerabilities have been discovered in openswan, an IPSec
implementation for linux. The Common Vulnerabilities and Exposures
project identifies the following problems:


CVE-2008-4190

Dmitry E. Oboukhov discovered that the livetest tool is using temporary
files insecurely, which could lead to a denial of service attack.


CVE-2009-0790

Gerd v. Egidy discovered that the Pluto IKE daemon in openswan is prone
to a denial of service attack via a malicious packet.


For the stable distribution (lenny), this problem has been fixed in
version 2.4.12+dfsg-1.3+lenny1.

For the oldstable distribution (etch), this problem has been fixed in
version 2.4.6+dfsg.2-1.1+etch1.

For the testing distribution (squeeze) and the unstable distribution
(sid), this problem will be fixed soon.

We recommend that you upgrade your openswan packages.


Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (oldstable)
- ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1.diff.gz
Size/MD5 checksum: 92351 d43193ea57c9ba646aa9a2ae479c65dd
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2.orig.tar.gz
Size/MD5 checksum: 3555236 e5ef22979f8a67038f445746fdc7ff38
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1.dsc
Size/MD5 checksum: 887 0bb9a0b8fda2229aed2ea1e7755259db

Architecture independent packages:

http://security.debian.org/pool/updates/main/o/openswan/linux-patch-openswan_2.4.6+dfsg.2-1.1+etch1_all.deb
Size/MD5 checksum: 598920 7f24c626025d0725409fc5f282834859
http://security.debian.org/pool/updates/main/o/openswan/openswan-modules-source_2.4.6+dfsg.2-1.1+etch1_all.deb
Size/MD5 checksum: 525862 69a5d63858abbde46369f1178715bb23

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_alpha.deb
Size/MD5 checksum: 1742492 a6a7ab937c9a172c74e19bf85ed5af15

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_amd64.deb
Size/MD5 checksum: 1744812 6c1cd62d31174fce3dae9b8393594c73

arm architecture (ARM)

http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_arm.deb
Size/MD5 checksum: 1719132 30678772efa350b67ba19b7eb5ebc4c2

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_hppa.deb
Size/MD5 checksum: 1758480 cc2108239ed20143d7dc8ead6c6cb6c0

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_i386.deb
Size/MD5 checksum: 1712448 07a390d204baaf83a5fb4cb6745a786a

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_ia64.deb
Size/MD5 checksum: 1930720 1c95baf380d131f78767af55841566ab

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_mips.deb
Size/MD5 checksum: 1692214 90f1710f68414a17fb4d29168746bbed

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_mipsel.deb
Size/MD5 checksum: 1697294 ce452a37b284bd1c49925482c4be6554

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_powerpc.deb
Size/MD5 checksum: 1667818 786f2533b336ced17cb15b988586c224

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_s390.deb
Size/MD5 checksum: 1671506 d8981c0fd7db865ae7a2172b7d6a4ffa

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_sparc.deb
Size/MD5 checksum: 1622248 f6cd4abafd3ddfdcc50ad4a346bde5cf


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1.dsc
Size/MD5 checksum: 1315 df7cd3ea125815e36b74b98857b3d5be
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg.orig.tar.gz
Size/MD5 checksum: 3765276 f753413e9c705dee9a23ab8db6c26ee4
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1.diff.gz
Size/MD5 checksum: 127288 eaed626706af274b44a51210f8eb9d13

Architecture independent packages:

http://security.debian.org/pool/updates/main/o/openswan/openswan-modules-source_2.4.12+dfsg-1.3+lenny1_all.deb
Size/MD5 checksum: 544388 a26397193d910b2b469fba692760e4a2
http://security.debian.org/pool/updates/main/o/openswan/linux-patch-openswan_2.4.12+dfsg-1.3+lenny1_all.deb
Size/MD5 checksum: 609908 dbbd73cc5402dc1b3e1ae205546f4d9f

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_alpha.deb
Size/MD5 checksum: 1754216 1b179d83df0d9efa17f6987e9c9501d8

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_amd64.deb
Size/MD5 checksum: 1772492 f330caae76805540227bf51974dbd6c6

arm architecture (ARM)

http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_arm.deb
Size/MD5 checksum: 1756426 ca71fca809dd7268ae73365bfe13fd12

armel architecture (ARM EABI)

http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_armel.deb
Size/MD5 checksum: 1736800 0d22e152defbd8f1c71831ac407ae34a

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_hppa.deb
Size/MD5 checksum: 1775916 a9fc238495fe9c5c7f770d08e677639b

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_i386.deb
Size/MD5 checksum: 1730858 3187b4ea1c4b4827e2016abb8ff44eae

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_ia64.deb
Size/MD5 checksum: 1964194 6fbf238ebc2e1294349985fb42ccab28

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_mips.deb
Size/MD5 checksum: 1703004 61a50f377061161973b841833752aafb

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_mipsel.deb
Size/MD5 checksum: 1709240 a0f724d83f9435684af2aec5a2386545

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_powerpc.deb
Size/MD5 checksum: 1710422 41aab00fccc6b17ae3d6a9a4aaccd729

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_s390.deb
Size/MD5 checksum: 1694918 31692764017d63e6a86f595ed9366e15

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_sparc.deb
Size/MD5 checksum: 1649130 681f2aa23b6d79c5ecf0e2dec3ffbd7f


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show lt;pkggt;' and http://packages.debian.org/lt;pkggt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAknRWVgACgkQ62zWxYk/rQdM1ACgid0sGfS1kqadJoHaEW7L0pxI
Wh0An1+M7370NzQhtKcdCemYnVYfBjLK
=CeJG
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/dsa_1760_1_new_openswan_packages_fix_denial_of_service.html)