-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 22 Jul 2009 12:45:08 +0200
Source: strongswan
Binary: strongswan
Architecture: source amd64
Version: 4.2.4-5+lenny3
Distribution: stable-security
Urgency: high
Maintainer: Rene Mayrhofer <rmayr@debian.org>
Changed-By: Rene Mayrhofer <rmayr@debian.org>
Description:
 strongswan - IPSec utilities for strongSwan
Changes:
 strongswan (4.2.4-5+lenny3) stable-security; urgency=high
 .
   Applied ASN.1 and other security fixes from upstream:
   * Fixes a Denial-of-Service vulnerability where receiving a malformed
     IKE_AUTH request with either a missing TSi or TSr traffic selector
     payload causes a crash of the IKEv2 charon while dereferencing a
     NULL pointer because the NULL pointer checks of TSi and TSr before
     destruction were erroneously swapped.
   * The RDN parser vulnerability discovered by Orange Labs research team
     was not completely fixed in version 4.2.16. Some more modifications
     had to be applied to the asn1_length() function.
   * Applying their fuzzing tool, the Orange Labs vulnerability research
     team found a Denial-of-Service vulnerability in the parsing of ASN.1
     Relative Distinguished Names (RDNs). Malformed X.509 certificate
     RDNs can cause the pluto and charon IKE daemons to crash and restart.
   * Applying their fuzzing tool, the Orange Labs vulnerability research
     team found a Denial-of-Service vulnerability in the parsing of ASN.1
     UTCTIME and GENERALIZEDTIME strings. Malformed X.509 certificate
     time strings can cause the pluto and charon IKE daemons to crash and
     restart.
   * Fixes a Denial-of-Service vulnerability where receiving a malformed
     IKE_SA_INIT request leaves an incomplete state which causes a crash
     of the IKEv2 charon while dereferencing a NULL pointer if a
     subsequent CREATE_CHILD_SA is received.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

-----END PGP SIGNATURE-----

Accepted:
strongswan_4.2.4-5+lenny3.diff.gz
  to pool/main/s/strongswan/strongswan_4.2.4-5+lenny3.diff.gz
strongswan_4.2.4-5+lenny3.dsc
  to pool/main/s/strongswan/strongswan_4.2.4-5+lenny3.dsc
strongswan_4.2.4-5+lenny3_amd64.deb
  to pool/main/s/strongswan/strongswan_4.2.4-5+lenny3_amd64.deb