[SECURITY] [DSA 1759-1] New strongswan packages fix denial of service
Date: Tue, 31 Mar 2009 10:49:22 +1100 (EST)
From: [email protected] (Steffen Joeris)
Subject: [SECURITY] [DSA 1759-1] New strongswan packages fix denial of service
Priority: urgent
Resent-Message-ID: <0RtIiiAsnBP.A.nKD.bqV0JB@liszt.>
Reply-To: [email protected]
Mail-Followup-To: [email protected]
To: [email protected]
Resent-Date: Mon, 30 Mar 2009 23:49:47 +0000 (UTC)
Resent-From: [email protected] (Mailing List Manager)
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1759-1 [email protected]
http://www.debian.org/security/ Steffen Joeris
March 30, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : strongswan
Vulnerability : denial of service
Problem type : remote
Debian-specific: no
CVE Id : CVE-2009-0790
Gerd v. Egidy discovered that the Pluto IKE daemon in strongswan, an
IPSec implementation for linux, is prone to a denial of service attack
via a malicious packet.
For the stable distribution (lenny), this problem has been fixed in
version 4.2.4-5+lenny1.
For the oldstable distribution (etch), this problem has been fixed in
version 2.8.0+dfsg-1+etch1.
For the testing distribution (squeeze) and the unstable distribution
(sid), this problem will be fixed soon.
We recommend that you upgrade your strongswan packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1.dsc
Size/MD5 checksum: 811 15760a0423c8cf0829c0f71d5424ab27
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg.orig.tar.gz
Size/MD5 checksum: 3155518 8b9ac905b9bcd41fb826e3d67e90a33d
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1.diff.gz
Size/MD5 checksum: 57545 276bae2bae3230bcef527b44f3b9fb99
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_alpha.deb
Size/MD5 checksum: 1197696 7fc7c6438f1c2739373c193784934461
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_amd64.deb
Size/MD5 checksum: 1100438 4004ce8cfc2b2de41712a4d73a520de2
arm architecture (ARM)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_arm.deb
Size/MD5 checksum: 1070794 dc1e10007ea82d547591052d032e0216
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_hppa.deb
Size/MD5 checksum: 1136062 9f5996ea05d930e0a7a361336263be58
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_i386.deb
Size/MD5 checksum: 1051780 25b41b38e8698a6f61b3f4f523ca52c7
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_ia64.deb
Size/MD5 checksum: 1454480 19818a3ec7756710ea1abfdbd9ebadcc
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_mips.deb
Size/MD5 checksum: 1124636 be7189aac59d98fbec7a9bf9a5f7b74d
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_mipsel.deb
Size/MD5 checksum: 1130402 25bdc2ca2651db73a88f079902a35f43
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_powerpc.deb
Size/MD5 checksum: 1097994 e1eb29c9c4dd776259178308a6b40a04
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_s390.deb
Size/MD5 checksum: 1084268 90b6459bb59a264eaf1aa2b26ed82acd
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_sparc.deb
Size/MD5 checksum: 1024106 9ad2a093d9efad364a0eb80a0f20057f
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1.dsc
Size/MD5 checksum: 1310 c6dc3521aee080f275ea0f65ded35bca
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1.diff.gz
Size/MD5 checksum: 57299 b6d1af4a7144d5289400f35dcd18eb5e
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4.orig.tar.gz
Size/MD5 checksum: 3295212 92ddfaedd6698bc6640927def271d476
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_alpha.deb
Size/MD5 checksum: 1301122 7c83dcbdcdb177e9bc83361d4c064f6d
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_amd64.deb
Size/MD5 checksum: 1178112 875f877f564c88b885ebf68be2478f0c
arm architecture (ARM)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_arm.deb
Size/MD5 checksum: 1034248 3c20d44508cc5255c3e6ad74cf9cac9c
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_armel.deb
Size/MD5 checksum: 1034868 457ca8749ced0c177c5825ca953423e7
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_hppa.deb
Size/MD5 checksum: 1214270 353bde7aacb7e5a875ba8d715da70caa
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_i386.deb
Size/MD5 checksum: 1099806 02a117d38e15ecf3e0b2667985b7710e
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_ia64.deb
Size/MD5 checksum: 1615308 d0f1ed5581a772eecf3801a45d57ab95
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_mips.deb
Size/MD5 checksum: 1158540 656a66202077e4f55d24433af6ab3ce5
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_mipsel.deb
Size/MD5 checksum: 1157848 614cad1bdd081160a3fe74e3d1e4e902
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_powerpc.deb
Size/MD5 checksum: 1228470 6dbb9fa6379444c2f0cebba7fc417027
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_s390.deb
Size/MD5 checksum: 1258802 d92712a84cbb2d2c181546927d4f9f36
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_sparc.deb
Size/MD5 checksum: 1142494 cd69f7750be1e6cc0e83003e74480bde
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAknRWVUACgkQ62zWxYk/rQcthACguH1lywBH1O1XrntR2Vocpnh2
yhwAn36Y2AGH1gdtwYxXMggU37a35Izc
=WEU7
-----END PGP SIGNATURE-----