Your message dated Mon, 15 Jun 2009 11:32:10 +0000
with message-id <[email protected]>
and subject line Bug#531612: fixed in strongswan 4.2.14-1.1
has caused the Debian Bug report #531612,
regarding [SA35296] strongSwan Two Denial of Service Vulnerabilities
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
531612: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=531612
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: strongswan
Severity: serious
Tags: security patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

The following SA (Secunia Advisory) id was published for strongswan:

SA35296[1]:

> DESCRIPTION:
> Two vulnerabilities have been reported in strongSwan, which can be
> exploited by malicious people to cause a DoS (Denial of Service).
> 
> 1) An error in the IKEv2 charon daemon can be exploited to trigger a
> NULL pointer dereference and cause a crash via specially crafted
> IKE_SA_INIT and CREATE_CHILD_SA requests.
> 
> 2) An error in the IKEv2 charon daemon can be exploited to trigger a
> NULL pointer dereference and cause a crash via an IKE_AUTH request
> missing a TSi or TSr payload.
> 
> The vulnerabilities are reported in versions 4.1.0 through 4.3.0.
> 
> SOLUTION:
> Update to version 4.3.1 or 4.2.15, or apply patches:
> http://download.strongswan.org/patches/03_invalid_ike_state_patch/
> http://download.strongswan.org/patches/04_swapped_ts_check_patch/
> 
> PROVIDED AND/OR DISCOVERED BY:
> Reported by the vendor.
> 
> ORIGINAL ADVISORY:
> http://download.strongswan.org/patches/03_invalid_ike_state_patch/strongswan-4.x.x_invalid_ike_state.readme
> http://download.strongswan.org/patches/04_swapped_ts_check_patch/strongswan-4.x.x._swapped_ts_check.readme


If you fix the vulnerability please also make sure to include the CVE id
(if one will be available) in the changelog entry.


[1]http://secunia.com/advisories/35296/

Patches: http://download.strongswan.org/patches/03_invalid_ike_state_patch/
         http://download.strongswan.org/patches/04_swapped_ts_check_patch/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkolcP4ACgkQNxpp46476aouWQCghzO5oD+VYA2hj8US61W2sOCy
pZkAn0GJ0MZ77UHYSVy4Zg/TrtHG1ERA
=0tLy
-----END PGP SIGNATURE-----



--- End Message ---
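The second issue in the quoted advisory is a NULL pointer dereference when an IKE_AUTH request arrives without a TSi or TSr payload: the handler assumed both traffic selector payloads were present and dereferenced them without checking. The defensive pattern is to walk the IKEv2 payload chain with every length bounds-checked and to reject a message that lacks a payload the exchange handler depends on, before any handler runs. The following is an added example written for this page; it is not strongSwan code and not part of the advisory or the bug report. The exchange and payload type numbers (IKE_AUTH = 35, TSi = 44, TSr = 45 and so on) and the 28-byte header layout are taken from RFC 4306; the sample messages are constructed inline, and the code treats the payload chain as already decrypted, whereas in a real IKE_AUTH these payloads sit inside the Encrypted (SK) payload.

```python
import struct

# IKEv2 constants from RFC 4306 (assumed here; the advisory names the
# exchanges and payloads but not their numeric values).
EXCH_IKE_SA_INIT = 34
EXCH_IKE_AUTH = 35
EXCH_CREATE_CHILD_SA = 36
PL_NONE = 0      # "No Next Payload": terminates the payload chain
PL_SA = 33
PL_AUTH = 39
PL_TSI = 44      # Traffic Selector - Initiator
PL_TSR = 45      # Traffic Selector - Responder

PAYLOAD_NAMES = {PL_SA: "SA", PL_AUTH: "AUTH", PL_TSI: "TSi", PL_TSR: "TSr"}

# Fixed 28-byte IKE header: SPIi, SPIr, Next Payload, Version, Exchange Type,
# Flags, Message ID, Length (multi-byte fields are big-endian).
HDR_FMT = "!8s8sBBBBII"
HDR_LEN = struct.calcsize(HDR_FMT)

# Payloads the handler for an exchange dereferences and therefore must find.
# Only IKE_AUTH is modelled: the advisory's second issue is a crash on an
# IKE_AUTH request missing TSi or TSr.
REQUIRED = {EXCH_IKE_AUTH: {PL_TSI, PL_TSR}}


class MalformedMessage(ValueError):
    """Raised for any structural problem; the caller drops the message."""


def parse_ike_message(data: bytes):
    """Walk the generic payload chain and return (exchange_type, [payload types]).

    Every length is checked against the buffer before it is used, so a
    truncated or inconsistent message raises instead of being read past
    its end.
    """
    if len(data) < HDR_LEN:
        raise MalformedMessage("header shorter than %d bytes" % HDR_LEN)
    _spi_i, _spi_r, nxt, version, exch, _flags, _msg_id, length = struct.unpack(
        HDR_FMT, data[:HDR_LEN])
    if version >> 4 != 2:
        raise MalformedMessage("not an IKEv2 header")
    if length != len(data):
        raise MalformedMessage("header length %d != %d bytes received" % (length, len(data)))
    payloads = []
    off = HDR_LEN
    while nxt != PL_NONE:
        if off + 4 > len(data):
            raise MalformedMessage("payload header truncated")
        nxt_next, _crit, plen = struct.unpack("!BBH", data[off:off + 4])
        if plen < 4 or off + plen > len(data):
            raise MalformedMessage("payload length %d out of range" % plen)
        payloads.append(nxt)
        off += plen
        nxt = nxt_next
    if off != len(data):
        raise MalformedMessage("%d trailing bytes after last payload" % (len(data) - off))
    return exch, payloads


def validate(data: bytes):
    """Return (accepted, reason); reject the message before any exchange
    handler dereferences a payload that is not there."""
    try:
        exch, payloads = parse_ike_message(data)
    except MalformedMessage as err:
        return False, "malformed: %s" % err
    missing = REQUIRED.get(exch, set()) - set(payloads)
    if missing:
        names = ", ".join(sorted(PAYLOAD_NAMES.get(p, str(p)) for p in missing))
        return False, "exchange %d missing required payload(s): %s" % (exch, names)
    return True, "ok"


def build_message(exch: int, payload_types, msg_id: int = 1) -> bytes:
    """Constructed test input: an IKEv2 message whose payloads each carry
    four bytes of dummy content. Not a real handshake message."""
    body = b""
    for i, ptype in enumerate(payload_types):
        nxt = payload_types[i + 1] if i + 1 < len(payload_types) else PL_NONE
        body += struct.pack("!BBH", nxt, 0, 8) + b"\x00" * 4
    first = payload_types[0] if payload_types else PL_NONE
    hdr = struct.pack(HDR_FMT, b"\x11" * 8, b"\x22" * 8, first, 0x20, exch,
                      0x08, msg_id, HDR_LEN + len(body))
    return hdr + body


if __name__ == "__main__":
    ok = build_message(EXCH_IKE_AUTH, [PL_AUTH, PL_SA, PL_TSI, PL_TSR])
    no_tsr = build_message(EXCH_IKE_AUTH, [PL_AUTH, PL_SA, PL_TSI])
    print(validate(ok))        # (True, 'ok')
    print(validate(no_tsr))    # (False, 'exchange 35 missing required payload(s): TSr')
    print(validate(ok[:-3]))   # (False, 'malformed: header length 60 != 57 bytes received')
```

The point of the split between `parse_ike_message` and `validate` is that presence of a required payload is a property of the exchange type, so it is checked once, centrally, rather than relied upon by each handler that later looks the payload up; a message failing either stage is logged and dropped, and nothing downstream ever sees a missing TSi or TSr.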
--- Begin Message ---
Source: strongswan
Source-Version: 4.2.14-1.1

We believe that the bug you reported is fixed in the latest version of
strongswan, which is due to be installed in the Debian FTP archive:

libstrongswan_4.2.14-1.1_amd64.deb
  to pool/main/s/strongswan/libstrongswan_4.2.14-1.1_amd64.deb
strongswan-ikev1_4.2.14-1.1_amd64.deb
  to pool/main/s/strongswan/strongswan-ikev1_4.2.14-1.1_amd64.deb
strongswan-ikev2_4.2.14-1.1_amd64.deb
  to pool/main/s/strongswan/strongswan-ikev2_4.2.14-1.1_amd64.deb
strongswan-nm_4.2.14-1.1_amd64.deb
  to pool/main/s/strongswan/strongswan-nm_4.2.14-1.1_amd64.deb
strongswan-starter_4.2.14-1.1_amd64.deb
  to pool/main/s/strongswan/strongswan-starter_4.2.14-1.1_amd64.deb
strongswan_4.2.14-1.1.diff.gz
  to pool/main/s/strongswan/strongswan_4.2.14-1.1.diff.gz
strongswan_4.2.14-1.1.dsc
  to pool/main/s/strongswan/strongswan_4.2.14-1.1.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <[email protected]> (supplier of updated strongswan package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 15 Jun 2009 13:06:05 +0200
Source: strongswan
Binary: strongswan libstrongswan strongswan-starter strongswan-ikev1 strongswan-ikev2 strongswan-nm
Architecture: source amd64
Version: 4.2.14-1.1
Distribution: unstable
Urgency: high
Maintainer: Rene Mayrhofer <[email protected]>
Changed-By: Nico Golde <[email protected]>
Description: 
 libstrongswan - strongSwan utility and crypto library
 strongswan - IPsec VPN solution metapackage
 strongswan-ikev1 - strongSwan IKEv1 keying daemon
 strongswan-ikev2 - strongSwan IKEv2 keying daemon
 strongswan-nm - strongSwan plugin to interact with NetworkManager
 strongswan-starter - strongSwan daemon starter and configuration file parser
Closes: 531612
Changes: 
 strongswan (4.2.14-1.1) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix two possible null pointer dereferences leading to denial
     of service via crafted IKE_SA_INIT, CREATE_CHILD_SA or
     IKE_AUTH request (CVE-2009-1957; CVE-2009-1958; Closes: #531612).
Checksums-Sha1:
 ea2c805150ec7b20e8b868dca77c3b252ff016da 1502 strongswan_4.2.14-1.1.dsc
 f21d0eaae8e4e12ffc95104225de78cf955a84a1 60089 strongswan_4.2.14-1.1.diff.gz
 f47312c23c055e64a35cca6c209a21c992c01175 174264 libstrongswan_4.2.14-1.1_amd64.deb
 2436f369b4c13d0354dbbfa93928e06d66b6a80f 306756 strongswan-starter_4.2.14-1.1_amd64.deb
 ba4102f03583fb858c95d5154879b690b8c76a9c 440100 strongswan-ikev1_4.2.14-1.1_amd64.deb
 1bd9ea72963cfe20756159f4fc5f27da3a4f22e7 252434 strongswan-ikev2_4.2.14-1.1_amd64.deb
 22355de548495c5416d32f14e2e565e2b6a773fb 41796 strongswan-nm_4.2.14-1.1_amd64.deb
Checksums-Sha256:
 92b7d1d588e89b293c1ebe1b61b8877c0fdad48322b7f9870513f04bf55d65e1 1502 strongswan_4.2.14-1.1.dsc
 0846c4f85e0d7eff839d41a79fb075075f7ffc7f463e6868d4dfefd1f3e07140 60089 strongswan_4.2.14-1.1.diff.gz
 a8557968f338f745a28b13383427b0d255c2ad00a05bdb586dd781ef07d8d283 174264 libstrongswan_4.2.14-1.1_amd64.deb
 2bd47f134be9a3c176847850fccc5f5f465cb64863c3ee67903275e429c67626 306756 strongswan-starter_4.2.14-1.1_amd64.deb
 ab4a33059119e7b1b9efa45caf23606b6d1437ef0dee76c665603f956f3e1860 440100 strongswan-ikev1_4.2.14-1.1_amd64.deb
 7be28cca72dfa2b637d8586070eac49f1ff21fbb2acc08da2da73b19d5993a53 252434 strongswan-ikev2_4.2.14-1.1_amd64.deb
 749633cd0ac08b1acb3e017ec8ab2c8c5613fdf125edfff61638380fc04ae516 41796 strongswan-nm_4.2.14-1.1_amd64.deb
Files:
 2ca0928a814515d1fbfd58c03817aafe 1502 net optional strongswan_4.2.14-1.1.dsc
 98db5ebbc42d17847943407a9c288ced 60089 net optional strongswan_4.2.14-1.1.diff.gz
 e23342a055eec3bc8fa3a2686973c1f5 174264 net optional libstrongswan_4.2.14-1.1_amd64.deb
 2d6e9ed11afc46be48b15b7935ba1403 306756 net optional strongswan-starter_4.2.14-1.1_amd64.deb
 d388d140f55ce4acd1fc301a9deadaf0 440100 net optional strongswan-ikev1_4.2.14-1.1_amd64.deb
 b2a488da2e4342bfa03c6ba2dadc9ccd 252434 net optional strongswan-ikev2_4.2.14-1.1_amd64.deb
 2d07ead3bcdfa9b6c55501a90292ac40 41796 net optional strongswan-nm_4.2.14-1.1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAko2L2IACgkQHYflSXNkfP+sdgCfaPdd77M03RHEsuBEouQ/bg4s
P9gAnjBjfnr5CzcIt3P48rAwF/TaAFhZ
=sRPM
-----END PGP SIGNATURE-----



--- End Message ---