Debian 9890

The following updates have been released for Debian GNU/Linux 7 LTS:

[DLA 1044-1] ipsec-tools security update
[DLA 841-2] apache2 regression update
[DLA 1044-1] ipsec-tools security update

Package : ipsec-tools
Version : 1:0.8.0-14+deb7u1
CVE ID : CVE-2016-10396
Debian Bug : 867986

The racoon daemon in IPsec-Tools 0.8.2 and earlier contains a remotely
exploitable computational-complexity attack when parsing and storing
ISAKMP fragments. The implementation permits a remote attacker to
exhaust computational resources on the remote endpoint by repeatedly
sending ISAKMP fragment packets in a particular order such that the
worst-case computational complexity is realized in the algorithm
utilized to determine if reassembly of the fragments can take place.

For Debian 7 "Wheezy", these problems have been fixed in version
1:0.8.0-14+deb7u2.

We recommend that you upgrade your ipsec-tools packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DLA 841-2] apache2 regression update

Package : apache2
Version : 2.2.22-13+deb7u11
CVE ID : CVE-2015-0253 CVE-2016-8743
Debian Bug : 858373

The fix for CVE-2016-8743 introduced a regression that would segfault
apache worker processes under certain conditions (#858373), an issue
similar to the previously fixed CVE-2015-0253.

The issue was introduced in DLA-841-1 and the associated
2.2.22-13+deb7u8 package version. For Debian 7 "Wheezy", these
problems have been fixed in version 2.2.22-13+deb7u11.

We recommend that you upgrade your apache2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
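Both advisories end with the same instruction: upgrade the package to at least the fixed version. The script below is an added example (not part of the Debian advisories or of dpkg) that audits a host against the fixed versions named on this page. It re-implements dpkg's version ordering (epoch, upstream version, Debian revision, with "~" sorting before the end of a string) so the check can run on a machine without dpkg, for instance on a collected inventory. The installed versions in SAMPLE_DPKG_OUTPUT are constructed for illustration; the only real identifiers are the package names, DLA numbers and fixed versions taken from the advisories.

```python
"""Audit installed Debian package versions against the fixed versions in
DLA 1044-1 (ipsec-tools) and DLA 841-2 (apache2).

Added example, not Debian's or dpkg's code. The ordering rules mirror
dpkg's verrevcmp(); the sample dpkg-query output is constructed.
"""
from typing import Dict, List, Tuple

# Fixed versions exactly as the advisories on this page state them.
ADVISORIES = {
    "ipsec-tools": ("DLA 1044-1", "1:0.8.0-14+deb7u2"),
    "apache2": ("DLA 841-2", "2.2.22-13+deb7u11"),
}


def _order(ch: str) -> int:
    """Weight of one character in a non-digit run, as dpkg ranks them:
    '~' sorts before the end of the string, letters by code point, and
    any other symbol after all letters."""
    if ch == "" or ch.isdigit():
        return 0
    if ch.isalpha():
        return ord(ch)
    if ch == "~":
        return -1
    return ord(ch) + 256


def _verrevcmp(a: str, b: str) -> int:
    """Compare two version fragments by alternating non-digit and numeric runs."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        # Non-digit run: compare character by character using _order().
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i] if i < len(a) else "")
            bc = _order(b[j] if j < len(b) else "")
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # Numeric run: drop leading zeros, then compare digit strings numerically.
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and a[i].isdigit() and j < len(b) and b[j].isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():
            return 1          # a has more digits, so it is the larger number
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def _split(version: str) -> Tuple[int, str, str]:
    """Split 'epoch:upstream-revision'; epoch defaults to 0, revision to ''."""
    epoch = 0
    if ":" in version:
        epoch_text, version = version.split(":", 1)
        epoch = int(epoch_text)
    upstream, sep, revision = version.rpartition("-")
    if not sep:
        upstream, revision = version, ""
    return epoch, upstream, revision


def debian_version_cmp(a: str, b: str) -> int:
    """Return <0, 0 or >0 in the same order as `dpkg --compare-versions`."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return ea - eb
    return _verrevcmp(ua, ub) or _verrevcmp(ra, rb)


def parse_dpkg_query(output: str) -> Dict[str, str]:
    """Parse 'name<TAB>version' lines such as
    `dpkg-query -W -f '${Package}\\t${Version}\\n'` prints."""
    installed = {}
    for line in output.splitlines():
        name, _, version = line.strip().partition("\t")
        if name:
            installed[name] = version
    return installed


def audit(installed: Dict[str, str]) -> List[Tuple[str, str, str, str]]:
    """Classify each advised package as fixed, VULNERABLE or not installed."""
    report = []
    for pkg, (dla, fixed) in sorted(ADVISORIES.items()):
        have = installed.get(pkg)
        if have is None:
            status = "not installed"
        elif debian_version_cmp(have, fixed) >= 0:
            status = "fixed"
        else:
            status = "VULNERABLE"
        report.append((pkg, dla, have or "-", status))
    return report


# Constructed sample: ipsec-tools still at the pre-fix build, apache2 on a
# later build than the advisory names.
SAMPLE_DPKG_OUTPUT = "ipsec-tools\t1:0.8.0-14+deb7u1\napache2\t2.2.22-13+deb7u12\n"

if __name__ == "__main__":
    for pkg, dla, have, status in audit(parse_dpkg_query(SAMPLE_DPKG_OUTPUT)):
        print(f"{pkg:12} {dla:11} installed={have:20} {status}")
```

On a real Wheezy host the input would come from `dpkg-query -W -f '${Package}\t${Version}\n'`; the comparison treats the advisory's fixed version as a lower bound, so a later LTS build (like the constructed +deb7u12) is correctly reported as fixed rather than flagged for an exact-match mismatch.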