[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[SECURITY] [DSA 1759-1] New strongswan packages fix denial of service



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1759-1                  security@xxxxxxxxxx
http://www.debian.org/security/                      Steffen Joeris
March 30, 2009                   	http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : strongswan
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE Id         : CVE-2009-0790


Gerd v. Egidy discovered that the Pluto IKE daemon in strongswan, an
IPSec implementation for linux, is prone to a denial of service attack
via a malicious packet.


For the stable distribution (lenny), this problem has been fixed in
version 4.2.4-5+lenny1.

For the oldstable distribution (etch), this problem has been fixed in
version 2.8.0+dfsg-1+etch1.

For the testing distribution (squeeze) and the unstable distribution
(sid), this problem will be fixed soon.

We recommend that you upgrade your strongswan packages.


Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (oldstable)
- ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1.dsc
    Size/MD5 checksum:      811 15760a0423c8cf0829c0f71d5424ab27
  http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg.orig.tar.gz
    Size/MD5 checksum:  3155518 8b9ac905b9bcd41fb826e3d67e90a33d
  http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1.diff.gz
    Size/MD5 checksum:    57545 276bae2bae3230bcef527b44f3b9fb99

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_alpha.deb
    Size/MD5 checksum:  1197696 7fc7c6438f1c2739373c193784934461

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_amd64.deb
    Size/MD5 checksum:  1100438 4004ce8cfc2b2de41712a4d73a520de2

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_arm.deb
    Size/MD5 checksum:  1070794 dc1e10007ea82d547591052d032e0216

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_hppa.deb
    Size/MD5 checksum:  1136062 9f5996ea05d930e0a7a361336263be58

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_i386.deb
    Size/MD5 checksum:  1051780 25b41b38e8698a6f61b3f4f523ca52c7

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_ia64.deb
    Size/MD5 checksum:  1454480 19818a3ec7756710ea1abfdbd9ebadcc

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_mips.deb
    Size/MD5 checksum:  1124636 be7189aac59d98fbec7a9bf9a5f7b74d

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_mipsel.deb
    Size/MD5 checksum:  1130402 25bdc2ca2651db73a88f079902a35f43

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_powerpc.deb
    Size/MD5 checksum:  1097994 e1eb29c9c4dd776259178308a6b40a04

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_s390.deb
    Size/MD5 checksum:  1084268 90b6459bb59a264eaf1aa2b26ed82acd

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_sparc.deb
    Size/MD5 checksum:  1024106 9ad2a093d9efad364a0eb80a0f20057f


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1.dsc
    Size/MD5 checksum:     1310 c6dc3521aee080f275ea0f65ded35bca
  http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1.diff.gz
    Size/MD5 checksum:    57299 b6d1af4a7144d5289400f35dcd18eb5e
  http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4.orig.tar.gz
    Size/MD5 checksum:  3295212 92ddfaedd6698bc6640927def271d476

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_alpha.deb
    Size/MD5 checksum:  1301122 7c83dcbdcdb177e9bc83361d4c064f6d

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_amd64.deb
    Size/MD5 checksum:  1178112 875f877f564c88b885ebf68be2478f0c

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_arm.deb
    Size/MD5 checksum:  1034248 3c20d44508cc5255c3e6ad74cf9cac9c

armel architecture (ARM EABI)

  http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_armel.deb
    Size/MD5 checksum:  1034868 457ca8749ced0c177c5825ca953423e7

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_hppa.deb
    Size/MD5 checksum:  1214270 353bde7aacb7e5a875ba8d715da70caa

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_i386.deb
    Size/MD5 checksum:  1099806 02a117d38e15ecf3e0b2667985b7710e

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_ia64.deb
    Size/MD5 checksum:  1615308 d0f1ed5581a772eecf3801a45d57ab95

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_mips.deb
    Size/MD5 checksum:  1158540 656a66202077e4f55d24433af6ab3ce5

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_mipsel.deb
    Size/MD5 checksum:  1157848 614cad1bdd081160a3fe74e3d1e4e902

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_powerpc.deb
    Size/MD5 checksum:  1228470 6dbb9fa6379444c2f0cebba7fc417027

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_s390.deb
    Size/MD5 checksum:  1258802 d92712a84cbb2d2c181546927d4f9f36

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_sparc.deb
    Size/MD5 checksum:  1142494 cd69f7750be1e6cc0e83003e74480bde


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAknRWVUACgkQ62zWxYk/rQcthACguH1lywBH1O1XrntR2Vocpnh2
yhwAn36Y2AGH1gdtwYxXMggU37a35Izc
=WEU7
-----END PGP SIGNATURE-----