Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2009.1366 New openswan packages fix denial of service 5 October 2009 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: openswan Publisher: Debian Operating System: Debian GNU/Linux 4 Debian GNU/Linux 5 Impact/Access: Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2009-2185 Reference: AA-2009.0154 ESB-2009.1012 Original Bulletin: http://www.debian.org/security/2009/dsa-1898 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - ------------------------------------------------------------------------ Debian Security Advisory DSA-1898-1 security@debian.org http://www.debian.org/security/ Florian Weimer October 02, 2009 http://www.debian.org/security/faq - - ------------------------------------------------------------------------ Package : openswan Problem type : remote Debian-specific: no CVE Id(s) : CVE-2009-2185 It was discovered that the pluto daemon in the openswan, an implementation of IPSEC and IKE, could crash when processing a crafted X.509 certificate. For the old stable distribution (etch), this problem has been fixed in version 2.4.6+dfsg.2-1.1+etch2. For the stable distribution (lenny), this problem has been fixed in version 2.4.12+dfsg-1.3+lenny2. For the unstable distribution (sid), this problem has been fixed in version 2.6.22+dfsg-1. We recommend that you upgrade your openswan package. Upgrade instructions - - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - - ------------------------------- Source archives: http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2.orig.tar.gz Size/MD5 checksum: 3555236 e5ef22979f8a67038f445746fdc7ff38 http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2.diff.gz Size/MD5 checksum: 91729 e7772358f397628f18f8590b2381a360 http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2.dsc Size/MD5 checksum: 879 3210a5ae193686c4f7fcd54c7855d720 Architecture independent packages: http://security.debian.org/pool/updates/main/o/openswan/openswan-modules-source_2.4.6+dfsg.2-1.1+etch2_all.deb Size/MD5 checksum: 522838 0368797b593a98c90d6e06cbe6743413 http://security.debian.org/pool/updates/main/o/openswan/linux-patch-openswan_2.4.6+dfsg.2-1.1+etch2_all.deb Size/MD5 checksum: 599200 1780b2e6a74358d4caf2bde57f3b8f17 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_alpha.deb Size/MD5 checksum: 1798002 0c82e879ab4437375188a65edc88dc3c amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_amd64.deb Size/MD5 checksum: 1675158 db6086977260bbb4bb122d1bab3d3af5 arm architecture (ARM) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_arm.deb Size/MD5 checksum: 1718930 99c1b3db0733aa752802d3bac61dee5a hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_hppa.deb Size/MD5 checksum: 1771158 7342b46f65862bee24eb47e6d19d3a33 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_i386.deb Size/MD5 checksum: 1698718 4149cea4bc3176f5882e4c7f84eabf56 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_ia64.deb Size/MD5 checksum: 1930186 e1026107147145804d91567013b23329 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_mips.deb Size/MD5 checksum: 1692076 2b7f7d0c3bda2016453e91424c6a483a mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_mipsel.deb Size/MD5 checksum: 1697442 5ab952bf26a3b392b5c9ef1406a24019 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_powerpc.deb Size/MD5 checksum: 1667696 e84e9f2d87d6cf1b544e650867877c4e s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_s390.deb Size/MD5 checksum: 1671262 7d9b4488c61b3261478e4598e2d1cbe9 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_sparc.deb Size/MD5 checksum: 1689370 f00222a3310c2758204de6ded56cfa4b Debian GNU/Linux 5.0 alias lenny - - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2.dsc Size/MD5 checksum: 1315 2eb502ff966ff81e9da9930889f6199c http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg.orig.tar.gz Size/MD5 checksum: 3765276 f753413e9c705dee9a23ab8db6c26ee4 http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2.diff.gz Size/MD5 checksum: 145354 d0ef8b06a64471210268de94f79bfcbe Architecture independent packages: http://security.debian.org/pool/updates/main/o/openswan/linux-patch-openswan_2.4.12+dfsg-1.3+lenny2_all.deb Size/MD5 checksum: 613180 a589be2a64b1715d209f9c28a5654ea6 http://security.debian.org/pool/updates/main/o/openswan/openswan-modules-source_2.4.12+dfsg-1.3+lenny2_all.deb Size/MD5 checksum: 537728 e0f72fde54078d6fc805fe27f1a4c688 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2_alpha.deb Size/MD5 checksum: 1825688 cecb628caabdc6848734f335e4b14813 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2_amd64.deb Size/MD5 checksum: 1767032 12f084adacc24ebe4f03c6106b6ecc11 arm architecture (ARM) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2_arm.deb Size/MD5 checksum: 1756446 b07bc1876b226a960afcf443cebdf868 armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2_armel.deb Size/MD5 checksum: 1736620 d3f87f7a3756ab47bedeb23cbabc7c29 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2_hppa.deb Size/MD5 checksum: 1805586 c0d564fc0db6241a52bd5e20fadeecb9 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2_i386.deb Size/MD5 checksum: 1722564 6d6f09820c51c80105b83c5369b94815 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2_ia64.deb Size/MD5 checksum: 1964688 ccd9a5a84b6c9517f5cfa65aee91872d mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2_mips.deb Size/MD5 checksum: 1703500 c1570749962f3d983ce6ab3589ed60ae mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2_mipsel.deb Size/MD5 checksum: 1710082 1c220e8c8244141f67ae46267ed89844 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2_powerpc.deb Size/MD5 checksum: 1710982 39f9f36c47954570d88c089ce23d7d32 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2_s390.deb Size/MD5 checksum: 1695204 d6b47d731eddfd3a443aea2c5e233147 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2_sparc.deb Size/MD5 checksum: 1717100 e0c7c8bab8e8da06ad88bfa47431b7b1 These files will probably be moved into the stable distribution on its next update. - - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iQEcBAEBAgAGBQJKxkYEAAoJEL97/wQC1SS+HRgH/jTSulB3tvuBrscF9OO7hCGg NpEJ7h/T69lQyxUR+H1mgdVNjC9VNXtBkZ81y+RQdK7+Ja8pEoiNEJ7zMeONnkci rk4ubabYjojZ/0+rSdXl8a6Z9F3gvQuHmvuN/FYAdH48Ln7sU0QPLKlGR9No9Wv3 8hfB5LBSDzSgDQCDJmc4ByZ0dIIBJ/T+Wnhy8GuAs/q9B5MgneHpOCdJjtA6JU53 /F6SQAC1mCGWXmBwZNQUDAOP25XTaPEeWZwDi0ZFmFOXSkcvv/2XM5IlthSywF/P CFrWG/9cve02An516eMCYHjFXfA4TTzUuJ882oVcQVkgsFboRKIo8ccxmAe/+d4= =gmpD - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iD8DBQFKyTI2NVH5XJJInbgRAtRkAKCDGKMcGuZ4D+XYTUFZ8AFd+b3jzgCeK5lu 8AWP2UjygwakcE1UX135umU= =nlRq -----END PGP SIGNATURE-----