[USN-641-1] Racoon vulnerabilities
Date: Mon, 8 Sep 2008 17:31:49 -0700
From: Kees Cook <kees@ubuntu.com>
===========================================================
Ubuntu Security Notice USN-641-1 September 09, 2008
ipsec-tools vulnerabilities
CVE-2008-3651, CVE-2008-3652
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  racoon 1:0.6.5-4ubuntu1.2

Ubuntu 7.04:
  racoon 1:0.6.6-3ubuntu3.1

Ubuntu 7.10:
  racoon 1:0.6.6-3.1ubuntu3.1

Ubuntu 8.04 LTS:
  racoon 1:0.6.7-1.1ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that there were multiple ways to leak memory during
the IKE negotiation when handling certain packets. If a remote attacker
sent repeated malicious requests, the "racoon" key exchange server could
allocate large amounts of memory, possibly leading to a denial of service.
Updated packages for Ubuntu 6.06 LTS:
Updated packages for Ubuntu 7.04:
Updated packages for Ubuntu 7.10:
Updated packages for Ubuntu 8.04 LTS: