* SECURITY UPDATE: symlink attack through predictable filenames in /tmp
- debian/patches/02-fix-unsecure-tmp-file.dpatch: change
programs/livetest/livetest.in to use mktemp for temporary file creation.
Patch taken from Debian openswan 1:2.4.12+dfsg-1.3 package.
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496374
* SECURITY UPDATE: denial of service attack via malicious Dead Peer Detection
packet
- debian/patches/03-CVE-2009-0790.dpatch: adjust programs/pluto/demux.c to
check for a possible NULL value. Patch taken from Debian openswan
1:2.4.12+dfsg-1.3+lenny1 package.
- CVE-2009-0790
* SECURITY UPDATE: denial of service attack via specially crafted X.509
certificate
- debian/patches/04-CVE-2009-2185.dpatch: create include/oswtime.h and
modify programs/pluto/asn1.c as well as lib/libopenswan/optionsfrom.c to
do proper checks on certificate objects length. Patch taken from Debian
openswan 1:2.4.12+dfsg-1.3+lenny2 package.
- CVE-2009-2185
* SECURITY UPDATE: denial of service attack via deliberately interrupted
IPSec connection attempt
- debian/patches/05-2.4.9-CVE-2011-4073.dpatch: change
programs/pluto/ikev1_continuations.h and programs/pluto/ikev1_quick.c to
check for vanished ISAKMP SA in Quick Mode negotiation. Patch taken from
Debian openswan 1:2.4.12+dfsg-1.3+lenny3 package and slightly modified.
- CVE-2011-4073
(LP: #917754)
-- Harald Jenny <email address hidden> Tue, 17 Jan 2012 16:53:31 +0100
This bug was fixed in the package openswan - 1:2.4.9+dfsg-1ubuntu0.1
---------------
openswan (1:2.4.9+dfsg-1ubuntu0.1) hardy-security; urgency=low
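The first item above replaces a predictable /tmp filename in livetest.in with mktemp. The following added example (written for this note, not taken from openswan or the Debian patch) contrasts the predictable-name pattern with mkstemp(3), the C library counterpart of the mktemp(1) command; the file name prefix, the helper names and the written data are constructed for illustration.

```c
/* Added example, not openswan code: predictable temp name vs. mkstemp(3).
 * Helper names and the "livetest." prefix are constructed for illustration. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* The pattern the patch removes: a name any local user can guess from the
 * PID, so a symlink planted at that path before the open would redirect the
 * write. Shown only for contrast; nothing is opened here. */
int predictable_tmp_name(char *out, size_t n)
{
    int r = snprintf(out, n, "/tmp/livetest.%ld", (long)getpid());
    return (r > 0 && (size_t)r < n) ? 0 : -1;
}

/* The fix: mkstemp() chooses an unpredictable suffix and creates the file
 * with O_CREAT|O_EXCL and mode 0600, so a pre-planted symlink or file makes
 * the call fail instead of being followed. On success template_buf holds
 * the real path and the open descriptor is returned. */
int secure_tmp_create(char *template_buf, size_t n)
{
    const char *dir = getenv("TMPDIR");
    if (dir == NULL || *dir == '\0')
        dir = "/tmp";
    int r = snprintf(template_buf, n, "%s/livetest.XXXXXX", dir);
    if (r <= 0 || (size_t)r >= n)
        return -1;
    return mkstemp(template_buf);   /* -1 with errno set on failure */
}

/* Defensive check on the descriptor we got back: a regular file, owned by
 * us, mode 0600, single link, i.e. nothing was substituted underneath us. */
int tmp_fd_is_private_regular(int fd)
{
    struct stat st;
    if (fstat(fd, &st) != 0)
        return 0;
    return S_ISREG(st.st_mode)
        && (st.st_mode & 0777) == 0600
        && st.st_nlink == 1
        && st.st_uid == geteuid();
}

/* End-to-end: create, verify, write, clean up. Returns 0 on success. */
int secure_tmp_demo(void)
{
    char path[PATH_MAX];
    int fd = secure_tmp_create(path, sizeof path);
    if (fd < 0)
        return -1;
    int ok = tmp_fd_is_private_regular(fd);
    const char msg[] = "livetest scratch data\n";   /* constructed payload */
    if (ok && write(fd, msg, sizeof msg - 1) != (ssize_t)(sizeof msg - 1))
        ok = 0;
    close(fd);
    unlink(path);   /* always remove what we created */
    return ok ? 0 : -1;
}

int main(void)
{
    char p[64];
    predictable_tmp_name(p, sizeof p);
    printf("predictable name (do not use): %s\n", p);
    printf("mkstemp demo: %s\n", secure_tmp_demo() == 0 ? "ok" : "failed");
    return 0;
}
```

The same reasoning applies to the shell script the patch touches: `mktemp` creates the file atomically and prints the name, whereas building `/tmp/name.$$` by hand leaves a window in which another local user can place a symlink at that path.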
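The CVE-2009-2185 item says the fix adds proper checks on certificate object lengths in the ASN.1 code. The following added example (written for this note, not openswan's asn1.c or the Debian patch) shows the general form of that check in a DER tag-length-value reader: every length field read from an untrusted certificate is validated against the bytes actually remaining before it is used. The function names and the sample encodings are constructed for illustration.

```c
/* Added example, not openswan code: bounds-checked DER TLV header parsing.
 * Function names and sample encodings are constructed for illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Parse one DER tag + length header from buf[0..len). On success store the
 * header size and body size and return 0. Return -1 for anything a strict
 * parser must reject: truncated header, indefinite length (0x80), length
 * encodings wider than size_t, non-minimal encodings, or a body that would
 * run past the end of the buffer. */
int der_read_tlv(const uint8_t *buf, size_t len, size_t *hdr_len, size_t *body_len)
{
    if (buf == NULL || len < 2)
        return -1;
    if ((buf[0] & 0x1f) == 0x1f)
        return -1;                       /* multi-byte tags not handled here */
    size_t pos = 1;
    uint8_t first = buf[pos++];
    size_t body;
    if (first < 0x80) {
        body = first;                    /* short form */
    } else {
        size_t nbytes = first & 0x7f;
        if (nbytes == 0 || nbytes > sizeof(size_t))
            return -1;                   /* indefinite form or too wide */
        if (nbytes > len - pos)
            return -1;                   /* length bytes themselves truncated */
        body = 0;
        for (size_t i = 0; i < nbytes; i++)
            body = (body << 8) | buf[pos++];
        if (body < 0x80 || (nbytes > 1 && (body >> (8 * (nbytes - 1))) == 0))
            return -1;                   /* DER requires the minimal encoding */
    }
    if (body > len - pos)
        return -1;                       /* the check that matters: body beyond buffer */
    *hdr_len = pos;
    *body_len = body;
    return 0;
}

/* Walk the children of a SEQUENCE, rejecting any element whose declared
 * length would overrun the sequence. Returns the element count or -1. */
int der_count_children(const uint8_t *seq, size_t len)
{
    size_t hdr, body;
    if (der_read_tlv(seq, len, &hdr, &body) != 0 || seq[0] != 0x30)
        return -1;
    const uint8_t *p = seq + hdr;
    size_t remaining = body;
    int count = 0;
    while (remaining > 0) {
        size_t h, b;
        if (der_read_tlv(p, remaining, &h, &b) != 0)
            return -1;                   /* child claims more than is left */
        p += h + b;
        remaining -= h + b;
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed inputs: a well-formed SEQUENCE of two INTEGERs, and one
     * whose inner length field points past the end of the buffer. */
    static const uint8_t good[]    = {0x30, 0x06, 0x02, 0x01, 0x05, 0x02, 0x01, 0x07};
    static const uint8_t overrun[] = {0x30, 0x04, 0x02, 0x05, 0x01, 0x02};
    printf("good: %d children\n", der_count_children(good, sizeof good));
    printf("overrun: %d (rejected)\n", der_count_children(overrun, sizeof overrun));
    return 0;
}
```

Without the `body > len - pos` test, a crafted certificate with an oversized length field would make the parser read past its input buffer, which is the class of crash the changelog item describes.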