-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 22 Jul 2009 12:45:08 +0200
Source: strongswan
Binary: strongswan
Architecture: source amd64
Version: 4.2.4-5+lenny2
Distribution: stable-security
Urgency: high
Maintainer: Rene Mayrhofer <rmayr.RemoveThis@debian.org>
Changed-By: Rene Mayrhofer <rmayr.RemoveThis@debian.org>
Description:
strongswan - IPSec utilities for strongSwan
Changes:
strongswan (4.2.4-5+lenny2) stable-security; urgency=high
.
Applied ASN.1 and other security fixes from upstream:
* Fixes a Denial-of-Service vulnerability where receiving a malformed
IKE_AUTH request with either a missing TSi or TSr traffic selector
payload causes a crash of the IKEv2 charon while dereferencing a NULL
pointer because the NULL pointer checks of TSi and TSr before destruction
were erroneously swapped.
* The RDN parser vulnerability discovered by Orange Labs research team
was not completely fixed in version 4.2.16. Some more modifications had
to be applied to the asn1_length() function.
* Applying their fuzzing tool, the Orange Labs vulnerability research team
found a Denial-of-Service vulnerability in the parsing of ASN.1 Relative
Distinguished Names (RDNs). Malformed X.509 certificate RDNs can cause
the pluto and charon IKE daemons to crash and restart.
* Applying their fuzzing tool, the Orange Labs vulnerability research team
found a Denial-of-Service vulnerability in the parsing of ASN.1 UTCTIME
and GENERALIZEDTIME strings. Malformed X.509 certificate time strings can
cause the pluto and charon IKE daemons to crash and restart.
* Fixes a Denial-of-Service vulnerability where receiving a malformed
IKE_SA_INIT request leaves an incomplete state which causes a crash of
the IKEv2 charon while dereferencing a NULL pointer if a subsequent
CREATE_CHILD_SA is received.
Checksums-Sha1:
c1fe733215614434df83614dfa4d26148dc0dd78 1310 strongswan_4.2.4-5+lenny2.dsc
c4189d7d8687896a18dea1ecae2a8f934962f3e2 61766 strongswan_4.2.4-5+lenny2.diff.gz
11e06c9bcb7b5a383bc2492a7cbdad81873ae88d 1178134 strongswan_4.2.4-5+lenny2_amd64.deb
Checksums-Sha256:
de4db3697ba29025590d93721302e4cf6d99dd975f1a2e6d6c5b6633a1d90b30 1310 strongswan_4.2.4-5+lenny2.dsc
92831288a1e9b9cb77562d62dca4b74a3e3e738fcb9b03a4277306a96f31cf25 61766 strongswan_4.2.4-5+lenny2.diff.gz
f6719e578658205b09e22c7402d3736dccc931e98be7b2ac8e66b17c1d23cd13 1178134 strongswan_4.2.4-5+lenny2_amd64.deb
Files:
928b8b063b5faff63069ed14943adca6 1310 net optional strongswan_4.2.4-5+lenny2.dsc
59fdf86036990bebd0ddcf6f8fb3cfcb 61766 net optional strongswan_4.2.4-5+lenny2.diff.gz
6c93cf3e50409d80f8fe9d98d1347936 1178134 net optional strongswan_4.2.4-5+lenny2_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkpuAQUACgkQq7SPDcPCS96Y4QCg5W7XnavAXFEFl+p+nsRIy0yT
XMsAn0B9TJUvouqm+BClRXnsCl4mBfQX
=avvD
-----END PGP SIGNATURE-----
Accepted:
strongswan_4.2.4-5+lenny2.diff.gz
to pool/main/s/strongswan/strongswan_4.2.4-5+lenny2.diff.gz
strongswan_4.2.4-5+lenny2.dsc
to pool/main/s/strongswan/strongswan_4.2.4-5+lenny2.dsc
strongswan_4.2.4-5+lenny2_amd64.deb
to pool/main/s/strongswan/strongswan_4.2.4-5+lenny2_amd64.deb
--
To UNSUBSCRIBE, email to debian-changes-REQUEST.RemoveThis@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster.RemoveThis@lists.debian.org
Linux