[BSA-061] Security Update for openswan

2012-01-0220:07:53

lists.debian.org

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

JSON

Harald Jenny uploaded new packages for openswan which fixed the
following security problems:

CVE-2011-4073
Use-after-free vulnerability in the cryptographic helper handler
functionality in Openswan 2.3.0 through 2.6.36 allows remote
authenticated users to cause a denial of service (pluto IKE daemon
crash) via vectors related to the (1) quick_outI1_continue and (2)
quick_outI1 functions.

For the squeeze-backports distribution the problems have been fixed in
version 1:2.6.28+dfsg-5+squeeze1~bpo50+1.

For the oldstable distribution (lenny), this problem has been fixed in
version 1:2.4.12+dfsg-1.3+lenny3.

For the stable distribution (squeeze), this problem has been fixed in
version 1:2.6.28+dfsg-5+squeeze1.

For the unstable distribution (sid), this problem has been fixed in
version 1:2.6.37-1.

Upgrade instructions

If you don't use pinning (see [1]) you have to update the package
manually via "apt-get -t lenny-backports install <packagelist>" with
the packagelist of your installed packages affected by this update.
[1] <http://backports.debian.org/Instructions>

We recommend to pin (in /etc/apt/preferences) the backports repository
to 200 so that new versions of installed backports will be installed
automatically.

Package: *
Pin: release a=lenny-backports
Pin-Priority: 200

Kind regards
Harald Jenny
Attachment:
pgpTrTgosYDg8.pgp
Description: PGP signature

OSVersionArchitecturePackageVersionFilename
Debian999ia64openswan< 2.6.37-1openswan_2.6.37-1_ia64.deb
Debian5allopenswan< 1:2.4.12+dfsg-1.3+lenny3openswan_1:2.4.12+dfsg-1.3+lenny3_all.deb
Debian999armhfopenswan-dbg< 2.6.37-1openswan-dbg_2.6.37-1_armhf.deb
Debian6armelopenswan< 2.6.28+dfsg-5+squeeze1openswan_2.6.28+dfsg-5+squeeze1_armel.deb
Debian5armelopenswan< 2.4.12+dfsg-1.3+lenny4openswan_2.4.12+dfsg-1.3+lenny4_armel.deb
Debian999allopenswan-modules-source< 2.6.37-1openswan-modules-source_2.6.37-1_all.deb
Debian5alllinux-patch-openswan< 2.4.12+dfsg-1.3+lenny3linux-patch-openswan_2.4.12+dfsg-1.3+lenny3_all.deb
Debian5sparcopenswan< 2.4.12+dfsg-1.3+lenny4openswan_2.4.12+dfsg-1.3+lenny4_sparc.deb
Debian999s390xopenswan-modules-dkms< 2.6.37-1openswan-modules-dkms_2.6.37-1_s390x.deb
Debian999sparc64openswan< 2.6.37-1openswan_2.6.37-1_sparc64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	999	ia64	openswan	< 2.6.37-1	openswan_2.6.37-1_ia64.deb
Debian	5	all	openswan	< 1:2.4.12+dfsg-1.3+lenny3	openswan_1:2.4.12+dfsg-1.3+lenny3_all.deb
Debian	999	armhf	openswan-dbg	< 2.6.37-1	openswan-dbg_2.6.37-1_armhf.deb
Debian	6	armel	openswan	< 2.6.28+dfsg-5+squeeze1	openswan_2.6.28+dfsg-5+squeeze1_armel.deb
Debian	5	armel	openswan	< 2.4.12+dfsg-1.3+lenny4	openswan_2.4.12+dfsg-1.3+lenny4_armel.deb
Debian	999	all	openswan-modules-source	< 2.6.37-1	openswan-modules-source_2.6.37-1_all.deb
Debian	5	all	linux-patch-openswan	< 2.4.12+dfsg-1.3+lenny3	linux-patch-openswan_2.4.12+dfsg-1.3+lenny3_all.deb
Debian	5	sparc	openswan	< 2.4.12+dfsg-1.3+lenny4	openswan_2.4.12+dfsg-1.3+lenny4_sparc.deb
Debian	999	s390x	openswan-modules-dkms	< 2.6.37-1	openswan-modules-dkms_2.6.37-1_s390x.deb
Debian	999	sparc64	openswan	< 2.6.37-1	openswan_2.6.37-1_sparc64.deb