-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1760-1 security@xxxxxxxxxx http://www.debian.org/security/ Steffen Joeris March 30, 2009 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : openswan Vulnerability : denial of service Problem type : remote Debian-specific: no CVE Id : CVE-2008-4190 CVE-2009-0790 Debian Bug : 496374 Two vulnerabilities have been discovered in openswan, an IPSec implementation for linux. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-4190 Dmitry E. Oboukhov discovered that the livetest tool is using temporary files insecurely, which could lead to a denial of service attack. CVE-2009-0790 Gerd v. Egidy discovered that the Pluto IKE daemon in openswan is prone to a denial of service attack via a malicious packet. For the stable distribution (lenny), this problem has been fixed in version 2.4.12+dfsg-1.3+lenny1. For the oldstable distribution (etch), this problem has been fixed in version 2.4.6+dfsg.2-1.1+etch1. For the testing distribution (squeeze) and the unstable distribution (sid), this problem will be fixed soon. We recommend that you upgrade your openswan packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Debian (oldstable) - ------------------ Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1.diff.gz Size/MD5 checksum: 92351 d43193ea57c9ba646aa9a2ae479c65dd http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2.orig.tar.gz Size/MD5 checksum: 3555236 e5ef22979f8a67038f445746fdc7ff38 http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1.dsc Size/MD5 checksum: 887 0bb9a0b8fda2229aed2ea1e7755259db Architecture independent packages: http://security.debian.org/pool/updates/main/o/openswan/linux-patch-openswan_2.4.6+dfsg.2-1.1+etch1_all.deb Size/MD5 checksum: 598920 7f24c626025d0725409fc5f282834859 http://security.debian.org/pool/updates/main/o/openswan/openswan-modules-source_2.4.6+dfsg.2-1.1+etch1_all.deb Size/MD5 checksum: 525862 69a5d63858abbde46369f1178715bb23 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_alpha.deb Size/MD5 checksum: 1742492 a6a7ab937c9a172c74e19bf85ed5af15 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_amd64.deb Size/MD5 checksum: 1744812 6c1cd62d31174fce3dae9b8393594c73 arm architecture (ARM) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_arm.deb Size/MD5 checksum: 1719132 30678772efa350b67ba19b7eb5ebc4c2 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_hppa.deb Size/MD5 checksum: 1758480 cc2108239ed20143d7dc8ead6c6cb6c0 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_i386.deb Size/MD5 checksum: 1712448 07a390d204baaf83a5fb4cb6745a786a ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_ia64.deb Size/MD5 checksum: 1930720 1c95baf380d131f78767af55841566ab mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_mips.deb Size/MD5 checksum: 1692214 90f1710f68414a17fb4d29168746bbed mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_mipsel.deb Size/MD5 checksum: 1697294 ce452a37b284bd1c49925482c4be6554 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_powerpc.deb Size/MD5 checksum: 1667818 786f2533b336ced17cb15b988586c224 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_s390.deb Size/MD5 checksum: 1671506 d8981c0fd7db865ae7a2172b7d6a4ffa sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch1_sparc.deb Size/MD5 checksum: 1622248 f6cd4abafd3ddfdcc50ad4a346bde5cf Debian GNU/Linux 5.0 alias lenny - -------------------------------- Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1.dsc Size/MD5 checksum: 1315 df7cd3ea125815e36b74b98857b3d5be http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg.orig.tar.gz Size/MD5 checksum: 3765276 f753413e9c705dee9a23ab8db6c26ee4 http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1.diff.gz Size/MD5 checksum: 127288 eaed626706af274b44a51210f8eb9d13 Architecture independent packages: http://security.debian.org/pool/updates/main/o/openswan/openswan-modules-source_2.4.12+dfsg-1.3+lenny1_all.deb Size/MD5 checksum: 544388 a26397193d910b2b469fba692760e4a2 http://security.debian.org/pool/updates/main/o/openswan/linux-patch-openswan_2.4.12+dfsg-1.3+lenny1_all.deb Size/MD5 checksum: 609908 dbbd73cc5402dc1b3e1ae205546f4d9f alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_alpha.deb Size/MD5 checksum: 1754216 1b179d83df0d9efa17f6987e9c9501d8 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_amd64.deb Size/MD5 checksum: 1772492 f330caae76805540227bf51974dbd6c6 arm architecture (ARM) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_arm.deb Size/MD5 checksum: 1756426 ca71fca809dd7268ae73365bfe13fd12 armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_armel.deb Size/MD5 checksum: 1736800 0d22e152defbd8f1c71831ac407ae34a hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_hppa.deb Size/MD5 checksum: 1775916 a9fc238495fe9c5c7f770d08e677639b i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_i386.deb Size/MD5 checksum: 1730858 3187b4ea1c4b4827e2016abb8ff44eae ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_ia64.deb Size/MD5 checksum: 1964194 6fbf238ebc2e1294349985fb42ccab28 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_mips.deb Size/MD5 checksum: 1703004 61a50f377061161973b841833752aafb mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_mipsel.deb Size/MD5 checksum: 1709240 a0f724d83f9435684af2aec5a2386545 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_powerpc.deb Size/MD5 checksum: 1710422 41aab00fccc6b17ae3d6a9a4aaccd729 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_s390.deb Size/MD5 checksum: 1694918 31692764017d63e6a86f595ed9366e15 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny1_sparc.deb Size/MD5 checksum: 1649130 681f2aa23b6d79c5ecf0e2dec3ffbd7f These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAknRWVgACgkQ62zWxYk/rQdM1ACgid0sGfS1kqadJoHaEW7L0pxI Wh0An1+M7370NzQhtKcdCemYnVYfBjLK =CeJG -----END PGP SIGNATURE-----