[ubuntu/hardy-security] openswan_2.4.9+dfsg-1ubuntu0.1_ia64_translations.tar.gz, openswan_2.4.9+dfsg-1ubuntu0.1_powerpc_translations.tar.gz, openswan_2.4.9+dfsg-1ubuntu0.1_lpia_translations.tar.gz, openswan_2.4.9+dfsg-1ubuntu0.1_sparc_translations.tar.gz, openswan_2.4.9+dfsg-1ubuntu0.1_hppa_translations.tar.gz, openswan_2.4.9+dfsg-1ubuntu0.1_i386_translations.tar.gz, openswan_2.4.9+dfsg-1ubuntu0.1_amd64_translations.tar.gz, openswan 1:2.4.9+dfsg-1ubuntu0.1 (Accepted)

Harald Jenny harald at a-little-linux-box.at
Wed Jan 18 15:03:20 UTC 2012


openswan (1:2.4.9+dfsg-1ubuntu0.1) hardy-security; urgency=low

  * SECURITY UPDATE: symlink attack through predictable filenames in /tmp
    - debian/patches/02-fix-unsecure-tmp-file.dpatch: change
      programs/livetest/livetest.in to use mktemp for temporary file creation.
      Patch taken from Debian openswan 1:2.4.12+dfsg-1.3 package.
    - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496374
  * SECURITY UPDATE: denial of service attack via malicious Dead Peer Detection
    packet
    - debian/patches/03-CVE-2009-0790.dpatch: adjust programs/pluto/demux.c to
      check for a possible NULL value. Patch taken from Debian openswan
      1:2.4.12+dfsg-1.3+lenny1 package.
    - CVE-2009-0790
  * SECURITY UPDATE: denial of service attack via specially crafted X.509
    certificate
    - debian/patches/04-CVE-2009-2185.dpatch: create include/oswtime.h and
      modify programs/pluto/asn1.c as well as lib/libopenswan/optionsfrom.c to
      do proper checks on certificate objects length. Patch taken from Debian
      openswan 1:2.4.12+dfsg-1.3+lenny2 package.
    - CVE-2009-2185
  * SECURITY UPDATE: denial of service attack via deliberately interrupted
    IPSec connection attempt
    - debian/patches/05-2.4.9-CVE-2011-4073.dpatch: change
      programs/pluto/ikev1_continuations.h and programs/pluto/ikev1_quick.c to
      check for vanished ISAKMP SA in Quick Mode negotiation. Patch taken from
      Debian openswan 1:2.4.12+dfsg-1.3+lenny3 package and slightly modified.
    - CVE-2011-4073
  (LP: #917754)

Date: Tue, 17 Jan 2012 16:53:31 +0100
Changed-By: Harald Jenny <harald at a-little-linux-box.at>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/hardy/+source/openswan/1:2.4.9+dfsg-1ubuntu0.1
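The first item above replaces a predictable temporary-file name in the livetest script with mktemp. The following is an added example, not code from Openswan or from this update (programs/livetest/livetest.in is a shell script; the pattern is shown here in C so the underlying open(2) flags are visible). It simulates the symlink attack against a PID-based name, then shows the O_CREAT|O_EXCL create that mkstemp(3), like mktemp(1), relies on. All file names (livetest.<pid>, victim.conf, the livetest-demo scratch directory) and function names are assumptions made for the demonstration; every path is created under a private mkdtemp() directory and removed afterwards.

```c
/* Added example, not Openswan's code: symlink attack on a predictable
 * temp-file name versus an O_EXCL create. Runs inside a private mkdtemp()
 * directory, so no real /tmp file is touched. */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* The vulnerable scheme: PIDs are small, sequential integers and /tmp is
 * world-writable, so another local user can create this path first. */
static void predictable_name(const char *dir, char *out, size_t len)
{
    snprintf(out, len, "%s/livetest.%ld", dir, (long)getpid());
}

static int write_all(int fd, const char *s)
{
    size_t n = strlen(s);
    return (fd >= 0 && write(fd, s, n) == (ssize_t)n) ? 0 : -1;
}

static int read_file(const char *path, char *buf, size_t len)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    ssize_t n = read(fd, buf, len - 1);
    close(fd);
    if (n < 0) return -1;
    buf[n] = '\0';
    return 0;
}

/* Creates the scratch directory and a victim file holding "original".
 * dir and victim must each have room for len bytes. */
static int setup(char *dir, char *victim, size_t len)
{
    snprintf(dir, len, "%s", "/tmp/livetest-demo.XXXXXX");
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(victim, len, "%s/victim.conf", dir);
    int fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0644);
    int rc = write_all(fd, "original");
    if (fd >= 0) close(fd);
    return rc;
}

static void teardown(const char *dir, const char *victim, const char *tmp)
{
    if (tmp) unlink(tmp);
    unlink(victim);
    rmdir(dir);
}

/* Vulnerable flow: the attacker links the guessable name to the victim file;
 * the script then opens it with O_CREAT|O_TRUNC and no O_EXCL, open(2)
 * follows the link, and the victim is truncated and overwritten with the
 * script's privileges. Returns 1 if the victim was clobbered, 0 if not,
 * -1 on setup failure. */
int demo_predictable_clobbers_victim(void)
{
    char dir[128], victim[128], tmp[128], got[32];
    if (setup(dir, victim, sizeof victim) < 0) return -1;
    predictable_name(dir, tmp, sizeof tmp);
    if (symlink(victim, tmp) < 0) { teardown(dir, victim, NULL); return -1; }
    int fd = open(tmp, O_WRONLY | O_CREAT | O_TRUNC, 0644);   /* the script */
    write_all(fd, "scratch");
    if (fd >= 0) close(fd);
    int rc = read_file(victim, got, sizeof got);
    teardown(dir, victim, tmp);
    return rc < 0 ? -1 : strcmp(got, "scratch") == 0;
}

/* Hardened flow: mkstemp() picks an unguessable name and creates it with
 * O_CREAT|O_EXCL and mode 0600 in one call. Returns 1 if the victim is
 * untouched and the temp file is a private regular file, else 0 or -1. */
int demo_mkstemp_is_private(void)
{
    char dir[128], victim[128], tmp[128], got[32];
    struct stat st;
    if (setup(dir, victim, sizeof victim) < 0) return -1;
    snprintf(tmp, sizeof tmp, "%s/livetest.XXXXXX", dir);
    int fd = mkstemp(tmp);
    write_all(fd, "scratch");
    if (fd >= 0) close(fd);
    int ok = fd >= 0 && lstat(tmp, &st) == 0 && S_ISREG(st.st_mode)
          && (st.st_mode & 0777) == 0600
          && read_file(victim, got, sizeof got) == 0
          && strcmp(got, "original") == 0;
    teardown(dir, victim, fd >= 0 ? tmp : NULL);
    return ok;
}

/* The primitive behind mkstemp(): O_CREAT|O_EXCL never follows a symlink,
 * even a dangling one, so a planted link makes the create fail with EEXIST
 * instead of redirecting the write. Returns 1 if the open was refused. */
int demo_excl_refuses_planted_link(void)
{
    char dir[128], victim[128], tmp[128];
    if (setup(dir, victim, sizeof victim) < 0) return -1;
    predictable_name(dir, tmp, sizeof tmp);
    if (symlink(victim, tmp) < 0) { teardown(dir, victim, NULL); return -1; }
    int fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0600);
    int refused = fd < 0 && errno == EEXIST;
    if (fd >= 0) close(fd);
    teardown(dir, victim, tmp);
    return refused;
}
```

In a shell script the equivalent of the hardened flow is TMP=$(mktemp "${TMPDIR:-/tmp}/livetest.XXXXXX") plus a trap to remove it on exit; the point in both cases is that the file is created by the same call that chooses its name, with O_EXCL, rather than by a later redirection onto a name an attacker could have claimed.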
-------------- next part --------------
Format: 1.7
Date: Tue, 17 Jan 2012 16:53:31 +0100
Source: openswan
Binary: openswan openswan-modules-source linux-patch-openswan
Architecture: source
Version: 1:2.4.9+dfsg-1ubuntu0.1
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Harald Jenny <harald at a-little-linux-box.at>
Description: 
 linux-patch-openswan - IPSEC Linux kernel support for Openswan
 openswan   - IPSEC utilities for Openswan
 openswan-modules-source - IPSEC kernel modules source for Openswan
Launchpad-Bugs-Fixed: 917754
Changes: 
 openswan (1:2.4.9+dfsg-1ubuntu0.1) hardy-security; urgency=low
 .
   * SECURITY UPDATE: symlink attack through predictable filenames in /tmp
     - debian/patches/02-fix-unsecure-tmp-file.dpatch: change
       programs/livetest/livetest.in to use mktemp for temporary file creation.
       Patch taken from Debian openswan 1:2.4.12+dfsg-1.3 package.
     - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496374
   * SECURITY UPDATE: denial of service attack via malicious Dead Peer Detection
     packet
     - debian/patches/03-CVE-2009-0790.dpatch: adjust programs/pluto/demux.c to
       check for a possible NULL value. Patch taken from Debian openswan
       1:2.4.12+dfsg-1.3+lenny1 package.
     - CVE-2009-0790
   * SECURITY UPDATE: denial of service attack via specially crafted X.509
     certificate
     - debian/patches/04-CVE-2009-2185.dpatch: create include/oswtime.h and
       modify programs/pluto/asn1.c as well as lib/libopenswan/optionsfrom.c to
       do proper checks on certificate objects length. Patch taken from Debian
       openswan 1:2.4.12+dfsg-1.3+lenny2 package.
     - CVE-2009-2185
   * SECURITY UPDATE: denial of service attack via deliberately interrupted
     IPSec connection attempt
     - debian/patches/05-2.4.9-CVE-2011-4073.dpatch: change
       programs/pluto/ikev1_continuations.h and programs/pluto/ikev1_quick.c to
       check for vanished ISAKMP SA in Quick Mode negotiation. Patch taken from
       Debian openswan 1:2.4.12+dfsg-1.3+lenny3 package and slightly modified.
     - CVE-2011-4073
   (LP: #917754)
Files: 
 2c8d55ece3fda516726cdef06f8deb37 1603 net optional openswan_2.4.9+dfsg-1ubuntu0.1.dsc
 22b0a2e05dc15699ca02dcea23c478f7 93448 net optional openswan_2.4.9+dfsg-1ubuntu0.1.diff.gz
Original-Maintainer: Rene Mayrhofer <rmayr at debian.org>
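The CVE-2009-2185 item describes adding proper length checks on certificate objects in pluto's ASN.1 code. The following is an added example, not code from Openswan's programs/pluto/asn1.c or from the Debian patch: a generic bounds-checked DER tag-length-value reader of the kind an X.509 parser needs, written to show where the checks go. Function names, the der_tlv type and the sample encodings are all constructed for this illustration and do not come from any real certificate.

```c
/* Added example (not Openswan's asn1.c): a bounds-checked DER TLV reader.
 * Every length taken from the input is checked against the bytes actually
 * present before it is used, so a crafted certificate whose declared
 * lengths exceed its data is rejected instead of steering the parser past
 * the end of the buffer. */
#include <stddef.h>
#include <stdint.h>

typedef struct {
    uint8_t        tag;  /* identifier octet (low-tag-number form only) */
    const uint8_t *val;  /* points into the caller's buffer */
    size_t         len;  /* bytes at val, already verified to be present */
} der_tlv;

/* Decodes one TLV from buf[0..buflen). Returns bytes consumed (header plus
 * value), or 0 if the encoding is malformed or does not fit: truncated
 * header, high-tag-number form (not needed here), indefinite length (BER,
 * not DER), a length field that overruns the buffer or size_t, a
 * non-minimal length encoding, or a value longer than the bytes remaining. */
size_t der_read_tlv(const uint8_t *buf, size_t buflen, der_tlv *out)
{
    size_t pos = 0, len;
    if (buflen < 2) return 0;
    uint8_t tag = buf[pos++];
    if ((tag & 0x1f) == 0x1f) return 0;
    uint8_t first = buf[pos++];
    if (first < 0x80) {
        len = first;                               /* short form */
    } else {
        size_t nbytes = first & 0x7f;              /* long form */
        if (nbytes == 0 || nbytes > sizeof len) return 0;
        if (nbytes > buflen - pos) return 0;       /* length octets truncated */
        if (buf[pos] == 0) return 0;               /* leading zero: not minimal */
        len = 0;
        for (size_t i = 0; i < nbytes; i++) len = (len << 8) | buf[pos++];
        if (len < 0x80) return 0;                  /* should have used short form */
    }
    if (len > buflen - pos) return 0;              /* value longer than the data */
    out->tag = tag; out->val = buf + pos; out->len = len;
    return pos + len;
}

/* Walks the children of a constructed value (SEQUENCE/SET). Returns the
 * number of children, or -1 if any child is malformed or the children do
 * not exactly fill the parent. */
int der_count_children(const uint8_t *val, size_t len)
{
    int n = 0;
    size_t off = 0;
    while (off < len) {
        der_tlv child;
        size_t used = der_read_tlv(val + off, len - off, &child);
        if (used == 0) return -1;
        off += used;
        n++;
    }
    return n;
}

/* Parses a top-level SEQUENCE that must fill the whole buffer and returns
 * its child count, or -1 on any violation. */
int der_parse_sequence(const uint8_t *buf, size_t buflen)
{
    der_tlv top;
    if (der_read_tlv(buf, buflen, &top) != buflen || top.tag != 0x30) return -1;
    return der_count_children(top.val, top.len);
}

/* Constructed samples, not taken from any real certificate. */
/* SEQUENCE { INTEGER 1, UTCTime "120117155331Z" }: well-formed, 2 children */
const uint8_t sample_ok[] = { 0x30,0x12, 0x02,0x01,0x01, 0x17,0x0d,
    '1','2','0','1','1','7','1','5','5','3','3','1','Z' };
/* Outer length claims 65535 bytes but only 3 follow: must be rejected. */
const uint8_t sample_outer_overrun[] = { 0x30,0x82,0xff,0xff, 0x02,0x01,0x01 };
/* Outer length is honest, but the INTEGER inside claims 5 bytes of 1. */
const uint8_t sample_inner_overrun[] = { 0x30,0x03, 0x02,0x05,0x01 };
/* Indefinite-length form (0x80) is BER, never DER. */
const uint8_t sample_indefinite[] = { 0x30,0x80, 0x02,0x01,0x01, 0x00,0x00 };
/* Length 3 written in long form: valid BER, invalid DER. */
const uint8_t sample_nonminimal[] = { 0x30,0x81,0x03, 0x02,0x01,0x01 };
```

The check that matters for a crash-on-parse class of bug is the comparison of each decoded length against buflen - pos before the value pointer is handed on; rejecting non-minimal and indefinite lengths is the DER strictness an X.509 verifier should enforce anyway, since a parser that accepts several encodings of the same structure invites ambiguity between what was signed and what was parsed.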

