Lucene search

K
centosCentOS ProjectCESA-2008:0849
HistoryAug 26, 2008 - 10:54 p.m.

ipsec security update

2008-08-2622:54:10
CentOS Project
lists.centos.org
41

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.099 Low

EPSS

Percentile

94.7%

CentOS Errata and Security Advisory CESA-2008:0849

The ipsec-tools package is used in conjunction with the IPsec functionality
in the Linux kernel and includes racoon, an IKEv1 keying daemon.

Two denial of service flaws were found in the ipsec-tools racoon daemon. It
was possible for a remote attacker to cause the racoon daemon to consume
all available memory. (CVE-2008-3651, CVE-2008-3652)

Users of ipsec-tools should upgrade to this updated package, which contains
backported patches that resolve these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-August/077369.html
https://lists.centos.org/pipermail/centos-announce/2008-August/077370.html
https://lists.centos.org/pipermail/centos-announce/2008-August/077377.html
https://lists.centos.org/pipermail/centos-announce/2008-August/077378.html
https://lists.centos.org/pipermail/centos-announce/2008-August/077384.html
https://lists.centos.org/pipermail/centos-announce/2008-August/077386.html
https://lists.centos.org/pipermail/centos-announce/2008-August/077388.html
https://lists.centos.org/pipermail/centos-announce/2008-August/077390.html

Affected packages:
ipsec-tools

Upstream details at:
https://access.redhat.com/errata/RHSA-2008:0849

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.099 Low

EPSS

Percentile

94.7%

Related for CESA-2008:0849