Your message dated Wed, 13 May 2009 11:47:04 +0000
with message-id <e1m4cvq-0007nk...@ries.debian.org>
and subject line Bug#527634: fixed in ipsec-tools 1:0.7.1-1.4
has caused the Debian Bug report #527634,
regarding ipsec-tools: CVE-2009-1574 remote denial of service
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
527634: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=527634
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ipsec-tools
Version: 1:0.7.1-1.3
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for ipsec-tools.

CVE-2009-1574[0]:
| racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote
| attackers to cause a denial of service (crash) via crafted fragmented
| packets without a payload, which triggers a NULL pointer dereference.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1574
    http://security-tracker.debian.net/tracker/CVE-2009-1574

This looks like the patch:
http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/isakmp_frag.c.diff?r1=1.4&r2=1.4.6.1&f=h

luciano



--- End Message ---
--- Begin Message ---
Source: ipsec-tools
Source-Version: 1:0.7.1-1.4

We believe that the bug you reported is fixed in the latest version of
ipsec-tools, which is due to be installed in the Debian FTP archive:

ipsec-tools_0.7.1-1.4.diff.gz
  to pool/main/i/ipsec-tools/ipsec-tools_0.7.1-1.4.diff.gz
ipsec-tools_0.7.1-1.4.dsc
  to pool/main/i/ipsec-tools/ipsec-tools_0.7.1-1.4.dsc
ipsec-tools_0.7.1-1.4_amd64.deb
  to pool/main/i/ipsec-tools/ipsec-tools_0.7.1-1.4_amd64.deb
racoon_0.7.1-1.4_amd64.deb
  to pool/main/i/ipsec-tools/racoon_0.7.1-1.4_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 527...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <n...@debian.org> (supplier of updated ipsec-tools package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 13 May 2009 13:24:22 +0200
Source: ipsec-tools
Binary: ipsec-tools racoon
Architecture: source amd64
Version: 1:0.7.1-1.4
Distribution: unstable
Urgency: high
Maintainer: Ganesan Rajagopal <rgane...@debian.org>
Changed-By: Nico Golde <n...@debian.org>
Description: 
 ipsec-tools - IPsec tools for Linux
 racoon     - IPsec IKE keying daemon
Closes: 527634
Changes: 
 ipsec-tools (1:0.7.1-1.4) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix possible denial of service via a fragment without
     any payload (all item lengths = 0) which triggers a
     null ptr dereference (Closes: #527634).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkoKr60ACgkQHYflSXNkfP+VywCaA5GBCKXRmpgksgvmDuFoEh7R
D+wAmwY/5MgfrMYFEZZpVGprpX70MW4X
=bQnc
-----END PGP SIGNATURE-----



--- End Message ---
