Package: openswan Severity: grave Tags: security -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for openswan. CVE-2011-2147[0]: | Openswan 2.2.x does not properly restrict permissions for (1) | /var/run/starter.pid, related to starter.c in the IPsec starter, and | (2) /var/lock/subsys/ipsec, which allows local users to kill arbitrary | processes by writing a PID to a file, or possibly bypass disk quotas | by writing arbitrary data to a file, as demonstrated by files with | 0666 permissions, a different vulnerability than CVE-2011-1784. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. Cheers, Steffen For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2147 http://security-tracker.debian.org/tracker/CVE-2011-2147 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAk3hvegACgkQ62zWxYk/rQcMHQCfb3lMZTutIDaU9koXSOcuisCx ImkAn0nU0FH8iwQfjeN0l4hyY0Y2tFdK =DkbD -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
