openswan -- denial of service

2009-03-30T00:00:00
ID DSA-1760
Type debian
Reporter Debian
Modified 2009-03-30T00:00:00

Description

Two vulnerabilities have been discovered in openswan, an IPSec implementation for linux. The Common Vulnerabilities and Exposures project identifies the following problems:

Dmitry E. Oboukhov discovered that the livetest tool is using temporary files insecurely, which could lead to a denial of service attack.

Gerd v. Egidy discovered that the Pluto IKE daemon in openswan is prone to a denial of service attack via a malicious packet.

For the oldstable distribution (etch), this problem has been fixed in version 2.4.6+dfsg.2-1.1+etch1.

For the stable distribution (lenny), this problem has been fixed in version 2.4.12+dfsg-1.3+lenny1.

For the testing distribution (squeeze) and the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your openswan packages.