Welcome to our website
To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.
DSA 1899-1: New strongswan packages fix denial of service
Posted by Bob on: 10/02/2009 07:50 PM [ Print | 0 comment(s) ]
The Debian Security Team published a new security update for Debian GNU/Linux. Here the announcement:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1899-1 security@debian.org
http://www.debian.org/security/ Florian Weimer
October 02, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : strongswan
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-1957 CVE-2009-1958 CVE-2009-2185 CVE-2009-2661
Debian Bug : 531612 533837 540144
Several remote vulnerabilities have been discovered in strongswan, an
implementation of the IPSEC and IKE protocols. The Common
Vulnerabilities and Exposures project identifies the following
problems:
CVE-2009-1957
CVE-2009-1958
The charon daemon can crash when processing certain crafted IKEv2
packets. (The old stable distribution (etch) was not affected by
these two problems because it lacks IKEv2 support.)
CVE-2009-2185
CVE-2009-2661
The pluto daemon could crash when processing a crafted X.509
certificate.
For the old stable distribution (etch), these problems have been fixed
in version 2.8.0+dfsg-1+etch2.
For the stable distribution (lenny), these problems have been fixed in
version 4.2.4-5+lenny3.
For the unstable distribution (sid), these problems have been fixed in
version 4.3.2-1.1.
We recommend that you upgrade your strongswan packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Source archives:
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2.diff.gz
Size/MD5 checksum: 58570 945cc03b76743138f14b9719a204fedb
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg.orig.tar.gz
Size/MD5 checksum: 3155518 8b9ac905b9bcd41fb826e3d67e90a33d
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2.dsc
Size/MD5 checksum: 811 6787c4f1c81bc390d2d4c5ef7cd1f004
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_alpha.deb
Size/MD5 checksum: 1210988 0ea0beeecfd0569a417cdd7a8890afa0
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_amd64.deb
Size/MD5 checksum: 1100154 e7975b7c9593e6813b1ab2391488fd5e
arm architecture (ARM)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_arm.deb
Size/MD5 checksum: 1070960 49bb60a09eeffd0b82abea6a742099ea
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_hppa.deb
Size/MD5 checksum: 1133960 e2fd0221197dfc3624ff95095453883a
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_i386.deb
Size/MD5 checksum: 1054160 3859569cbea184e01cb17158458a86e0
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_ia64.deb
Size/MD5 checksum: 1453188 ef4f77c2fafc736399b1cf24eba13ab2
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_mips.deb
Size/MD5 checksum: 1124320 b163fda8163d818f160658bc2b1a764c
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_mipsel.deb
Size/MD5 checksum: 1129922 d6ae9af171b053e87e4cff2ed30588f1
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_powerpc.deb
Size/MD5 checksum: 1097810 c9f14e78602cf64488374ff27edb9fa4
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_s390.deb
Size/MD5 checksum: 1083894 3dac1f759f83817c674e29a9db14dc48
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_sparc.deb
Size/MD5 checksum: 1030670 e52adc5269d580dd987d1a6a6d031872
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3.diff.gz
Size/MD5 checksum: 61133 b619f96758667d0968c5572c3014d8be
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3.dsc
Size/MD5 checksum: 1602 1ea34a8afadc1d588b11d89d9e40a12b
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4.orig.tar.gz
Size/MD5 checksum: 3295212 92ddfaedd6698bc6640927def271d476
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_alpha.deb
Size/MD5 checksum: 1301924 9b04ce068a381ae22f56649c68651986
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_amd64.deb
Size/MD5 checksum: 1180738 035f9bb4259a1e3f2399680a1683a98f
arm architecture (ARM)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_arm.deb
Size/MD5 checksum: 1028530 f28fcfb750422e4f586510cd7f9f911a
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_armel.deb
Size/MD5 checksum: 1035544 88390cad9b508b2c8fad0aa35dc8239e
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_hppa.deb
Size/MD5 checksum: 1217010 94c648fa6a84688768e9b1a879a9f2db
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_i386.deb
Size/MD5 checksum: 1099208 348f57f1abb9b9c29f7ce63454b6b52a
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_ia64.deb
Size/MD5 checksum: 1616200 0ce2671a1eaa92a58ffa749c08acbc83
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_mips.deb
Size/MD5 checksum: 1159422 3147d506d48de6277ac13d313ba8a4f7
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_mipsel.deb
Size/MD5 checksum: 1158848 1a4f6c94e451e86baa7cae2afecd037e
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_powerpc.deb
Size/MD5 checksum: 1229396 4c9c95a6f7e1449d788b1fc467643a56
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_s390.deb
Size/MD5 checksum: 1259906 78a3c024f40ccb2d2f2b82e30c978720
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_sparc.deb
Size/MD5 checksum: 1143570 0acb2853fafd6396147fdb019cadc412
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show lt;pkggt;' and http://packages.debian.org/lt;pkggt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iQEcBAEBAgAGBQJKxkpjAAoJEL97/wQC1SS+6cAH/iN6t9E8KzYD5dhJIPtoXTEV
i+C0Srsm92j376FctCShabeJbpBaKTNxclTYey9etR65M5DFJMYUvA1KglhDdJ+a
3GdEkdTSFU/foNX3bCfs9/+q2hGtvBbzNOLIYuevsrje7gid7uVIO2F9uHnTPd8X
9E13VbWJ9oDA9bEljTG1ilVMseWhe5tFtPT5zgpE+wVjojzM2mns63XUHCg/iCqT
fyX+2Z15oYoV0UaaLQFlj/Q1D+G1jnp74qkrHVp3zZ/YF6kTSisAjH9jkriM7LjW
0T6U9erGwrdNQgbuzGn79f1y1uiJYc82WWzVBdzG/SmKlCrXIlPLdZAdIW2nSkQ=
=5N4p
-----END PGP SIGNATURE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1899-1 security@debian.org
http://www.debian.org/security/ Florian Weimer
October 02, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : strongswan
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-1957 CVE-2009-1958 CVE-2009-2185 CVE-2009-2661
Debian Bug : 531612 533837 540144
Several remote vulnerabilities have been discovered in strongswan, an
implementation of the IPSEC and IKE protocols. The Common
Vulnerabilities and Exposures project identifies the following
problems:
CVE-2009-1957
CVE-2009-1958
The charon daemon can crash when processing certain crafted IKEv2
packets. (The old stable distribution (etch) was not affected by
these two problems because it lacks IKEv2 support.)
CVE-2009-2185
CVE-2009-2661
The pluto daemon could crash when processing a crafted X.509
certificate.
For the old stable distribution (etch), these problems have been fixed
in version 2.8.0+dfsg-1+etch2.
For the stable distribution (lenny), these problems have been fixed in
version 4.2.4-5+lenny3.
For the unstable distribution (sid), these problems have been fixed in
version 4.3.2-1.1.
We recommend that you upgrade your strongswan packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Source archives:
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2.diff.gz
Size/MD5 checksum: 58570 945cc03b76743138f14b9719a204fedb
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg.orig.tar.gz
Size/MD5 checksum: 3155518 8b9ac905b9bcd41fb826e3d67e90a33d
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2.dsc
Size/MD5 checksum: 811 6787c4f1c81bc390d2d4c5ef7cd1f004
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_alpha.deb
Size/MD5 checksum: 1210988 0ea0beeecfd0569a417cdd7a8890afa0
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_amd64.deb
Size/MD5 checksum: 1100154 e7975b7c9593e6813b1ab2391488fd5e
arm architecture (ARM)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_arm.deb
Size/MD5 checksum: 1070960 49bb60a09eeffd0b82abea6a742099ea
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_hppa.deb
Size/MD5 checksum: 1133960 e2fd0221197dfc3624ff95095453883a
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_i386.deb
Size/MD5 checksum: 1054160 3859569cbea184e01cb17158458a86e0
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_ia64.deb
Size/MD5 checksum: 1453188 ef4f77c2fafc736399b1cf24eba13ab2
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_mips.deb
Size/MD5 checksum: 1124320 b163fda8163d818f160658bc2b1a764c
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_mipsel.deb
Size/MD5 checksum: 1129922 d6ae9af171b053e87e4cff2ed30588f1
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_powerpc.deb
Size/MD5 checksum: 1097810 c9f14e78602cf64488374ff27edb9fa4
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_s390.deb
Size/MD5 checksum: 1083894 3dac1f759f83817c674e29a9db14dc48
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_sparc.deb
Size/MD5 checksum: 1030670 e52adc5269d580dd987d1a6a6d031872
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3.diff.gz
Size/MD5 checksum: 61133 b619f96758667d0968c5572c3014d8be
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3.dsc
Size/MD5 checksum: 1602 1ea34a8afadc1d588b11d89d9e40a12b
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4.orig.tar.gz
Size/MD5 checksum: 3295212 92ddfaedd6698bc6640927def271d476
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_alpha.deb
Size/MD5 checksum: 1301924 9b04ce068a381ae22f56649c68651986
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_amd64.deb
Size/MD5 checksum: 1180738 035f9bb4259a1e3f2399680a1683a98f
arm architecture (ARM)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_arm.deb
Size/MD5 checksum: 1028530 f28fcfb750422e4f586510cd7f9f911a
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_armel.deb
Size/MD5 checksum: 1035544 88390cad9b508b2c8fad0aa35dc8239e
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_hppa.deb
Size/MD5 checksum: 1217010 94c648fa6a84688768e9b1a879a9f2db
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_i386.deb
Size/MD5 checksum: 1099208 348f57f1abb9b9c29f7ce63454b6b52a
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_ia64.deb
Size/MD5 checksum: 1616200 0ce2671a1eaa92a58ffa749c08acbc83
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_mips.deb
Size/MD5 checksum: 1159422 3147d506d48de6277ac13d313ba8a4f7
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_mipsel.deb
Size/MD5 checksum: 1158848 1a4f6c94e451e86baa7cae2afecd037e
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_powerpc.deb
Size/MD5 checksum: 1229396 4c9c95a6f7e1449d788b1fc467643a56
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_s390.deb
Size/MD5 checksum: 1259906 78a3c024f40ccb2d2f2b82e30c978720
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny3_sparc.deb
Size/MD5 checksum: 1143570 0acb2853fafd6396147fdb019cadc412
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show lt;pkggt;' and http://packages.debian.org/lt;pkggt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iQEcBAEBAgAGBQJKxkpjAAoJEL97/wQC1SS+6cAH/iN6t9E8KzYD5dhJIPtoXTEV
i+C0Srsm92j376FctCShabeJbpBaKTNxclTYey9etR65M5DFJMYUvA1KglhDdJ+a
3GdEkdTSFU/foNX3bCfs9/+q2hGtvBbzNOLIYuevsrje7gid7uVIO2F9uHnTPd8X
9E13VbWJ9oDA9bEljTG1ilVMseWhe5tFtPT5zgpE+wVjojzM2mns63XUHCg/iCqT
fyX+2Z15oYoV0UaaLQFlj/Q1D+G1jnp74qkrHVp3zZ/YF6kTSisAjH9jkriM7LjW
0T6U9erGwrdNQgbuzGn79f1y1uiJYc82WWzVBdzG/SmKlCrXIlPLdZAdIW2nSkQ=
=5N4p
-----END PGP SIGNATURE-----
