Forum: >>> Magnum BBS <<<

[SECURITY] [DSA 1898-1] New openswan packages fix denial of service (1/

From Florian Weimer@1:229/2 to All on Fri Oct 2 20:30:08 2009

From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------ Debian Security Advisory DSA-1898-1 [email protected] http://www.debian.org/security/ Florian Weimer October 02, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : openswan
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-2185

It was discovered that the pluto daemon in the openswan, an
implementation of IPSEC and IKE, could crash when processing a crafted
X.509 certificate.

For the old stable distribution (etch), this problem has been fixed in
version 2.4.6+dfsg.2-1.1+etch2.

For the stable distribution (lenny), this problem has been fixed in
version 2.4.12+dfsg-1.3+lenny2.

For the unstable distribution (sid), this problem has been fixed in
version 2.6.22+dfsg-1.

We recommend that you upgrade your openswan package.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2.orig.tar.gz
Size/MD5 checksum: 3555236 e5ef22979f8a67038f445746fdc7ff38
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2.diff.gz
Size/MD5 checksum: 91729 e7772358f397628f18f8590b2381a360
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2.dsc
Size/MD5 checksum: 879 3210a5ae193686c4f7fcd54c7855d720

Architecture independent packages:

http://security.debian.org/pool/updates/main/o/openswan/openswan-modules-source_2.4.6+dfsg.2-1.1+etch2_all.deb
Size/MD5 checksum: 522838 0368797b593a98c90d6e06cbe6743413
http://security.debian.org/pool/updates/main/o/openswan/linux-patch-openswan_2.4.6+dfsg.2-1.1+etch2_all.deb
Size/MD5 checksum: 599200 1780b2e6a74358d4caf2bde57f3b8f17

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_alpha.deb
Size/MD5 checksum: 1798002 0c82e879ab4437375188a65edc88dc3c

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_amd64.deb
Size/MD5 checksum: 1675158 db6086977260bbb4bb122d1bab3d3af5

arm architecture (ARM)

http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_arm.deb
Size/MD5 checksum: 1718930 99c1b3db0733aa752802d3bac61dee5a

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_hppa.deb
Size/MD5 checksum: 1771158 7342b46f65862bee24eb47e6d19d3a33

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_i386.deb
Size/MD5 checksum: 1698718 4149cea4bc3176f5882e4c7f84eabf56

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_ia64.deb
Size/MD5 checksum: 1930186 e1026107147145804d91567013b23329

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_mips.deb
Size/MD5 checksum: 1692076 2b7f7d0c3bda2016453e91424c6a483a

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_mipsel.deb
Size/MD5 checksum: 1697442 5ab952bf26a3b392b5c9ef1406a24019

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_powerpc.deb
Size/MD5 checksum: 1667696 e84e9f2d87d6cf1b544e650867877c4e

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_s390.deb
Size/MD5 checksum: 1671262 7d9b4488c61b3261478e4598e2d1cbe9

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.6+dfsg.2-1.1+etch2_sparc.deb
Size/MD5 checksum: 1689370 f00222a3310c2758204de6ded56cfa4b

Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2.dsc
Size/MD5 checksum: 1315 2eb502ff966ff81e9da9930889f6199c
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg.orig.tar.gz
Size/MD5 checksum: 3765276 f753413e9c705dee9a23ab8db6c26ee4
http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2.diff.gz
Size/MD5 checksum: 145354 d0ef8b06a64471210268de94f79bfcbe

Architecture independent packages:

http://security.debian.org/pool/updates/main/o/openswan/linux-patch-openswan_2.4.12+dfsg-1.3+lenny2_all.deb
Size/MD5 checksum: 613180 a589be2a64b1715d209f9c28a5654ea6
http://security.debian.org/pool/updates/main/o/openswan/openswan-modules-source_2.4.12+dfsg-1.3+lenny2_all.deb
Size/MD5 checksum: 537728 e0f72fde54078d6fc805fe27f1a4c688

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2_alpha.deb
Size/MD5 checksum: 1825688 cecb628caabdc6848734f335e4b14813

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2_amd64.deb
Size/MD5 checksum: 1767032 12f084adacc24ebe4f03c6106b6ecc11

arm architecture (ARM)

http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2_arm.deb
Size/MD5 checksum: 1756446 b07bc1876b226a960afcf443cebdf868

armel architecture (ARM EABI)

http://security.debian.org/pool/updates/main/o/openswan/openswan_2.4.12+dfsg-1.3+lenny2_armel.deb
Size/MD5 checksum: 1736620 d3f87f7a3756ab47bedeb23cbabc7c29

hppa architecture (HP PA RISC)

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

Who's Online
Recent Visitors
- Krenn
  Sun Jun 7 03:07:26 2026
  from Sydney, Nsw via Telnet
- Krenn
  Sun Jun 7 01:30:12 2026
  from Sydney, Nsw via Telnet
- Centurion
  Sat Jun 6 23:27:30 2026
  from Berea, Ohio via Telnet
- Ab Cadd
  Sat Jun 6 15:42:53 2026
  from Sheboygan, Wi via Telnet
- Centurion
  Sat Jun 6 15:32:28 2026
  from Berea, Ohio via Telnet
- Krenn
  Sat Jun 6 11:38:56 2026
  from Sydney, Nsw via Telnet
- Furryboy
  Sat Jun 6 10:56:29 2026
  from Romania, Galati via SSH
- Centurion
  Fri Jun 5 22:28:01 2026
  from Berea, Ohio via Telnet

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	715
Nodes:	16 (0 / 16)
Uptime:	161:54:03
Calls:	12,094
Calls today:	2
Files:	15,000
Messages:	6,517,778

[SECURITY] [DSA 1898-1] New openswan packages fix denial of service (1/

Who's Online

Recent Visitors

System Info