Your message dated Tue, 19 May 2009 11:47:06 +0000
with message-id <[email protected]>
and subject line Bug#528933: fixed in ipsec-tools 1:0.7.1-1.5
has caused the Debian Bug report #528933,
regarding CVE-2009-1632: Multiple memory leaks in Ipsec-tools before 0.7.2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
528933: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=528933
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ipsec-tools
Version: 1:0.7.1-1.4
Severity: important
Tags: security patch
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for ipsec-tools.
CVE-2009-1632[0]:
| Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote
| attackers to cause a denial of service (memory consumption) via
| vectors involving (1) signature verification during user
| authentication with X.509 certificates, related to the
| eay_check_x509sign function in src/racoon/crypto_openssl.c; and (2)
| the NAT-Traversal (aka NAT-T) keepalive implementation, related to
| src/racoon/nattraversal.c.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For the moment set only important as severity because 1:0.7.1-1.4 needs to
migrate in testing, and I don't know if an RC bug could interfere.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1632
http://security-tracker.debian.net/tracker/CVE-2009-1632
http://marc.info/?l=oss-security&m=124101704828036&w=2
Patches:
http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c.diff?r1=1.11.6.4&r2=1.11.6.5&f=h
http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c.diff?r1=1.6&r2=1.6.6.1&f=h
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkoOwQkACgkQNxpp46476apwggCeOsGCHxZDseuTaVSqy8cxcXRa
SJgAn2CKMUqdfUBs9y30R2puUlh2fwpu
=oQ8G
-----END PGP SIGNATURE-----
--- End Message ---
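The two leak sites named in the CVE text (signature verification in eay_check_x509sign, and the NAT-T keepalive code) share one bug class: an error path that returns before releasing state the function had already allocated, on a path an unauthenticated peer can drive repeatedly. The C program below is an added illustration of that class and of its usual fix; it is not racoon's code and is not taken from the NetBSD patches linked above. The message layout, the string stand-ins for key decoding and signature checking, the names `verify_leaky`/`verify_fixed`, and the allocation counter are all assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration of the CVE-2009-1632 bug class, not racoon's code.
 * A responder authenticating peers with X.509 certificates allocates working
 * state (decoded key, digest buffer) before it can check the signature.  If a
 * failed check returns without releasing that state, every bogus attempt from
 * an unauthenticated peer leaks memory: the remote DoS the CVE describes. */

/* Outstanding heap blocks, so the leak is observable without a heap tool. */
static size_t live_allocations = 0;
static void *tracked_alloc(size_t n) { void *p = malloc(n); if (p) live_allocations++; return p; }
static void tracked_free(void *p) { if (p) { free(p); live_allocations--; } }

/* What the peer sends: a certificate (string stand-in) and a signature. */
struct auth_msg {
    const char *cert;
    const char *sig;
};

/* Stand-in for "parse the certificate and extract its public key" (allocates). */
static char *decode_pubkey(const char *cert)
{
    if (cert == NULL || *cert == '\0')
        return NULL;
    char *key = tracked_alloc(strlen(cert) + 1);
    if (key != NULL)
        strcpy(key, cert);
    return key;
}

/* Stand-in signature check: a valid signature is the literal "sig(<key>)". */
static int sig_matches(const char *pubkey, const char *sig)
{
    char expected[256];
    snprintf(expected, sizeof expected, "sig(%s)", pubkey);
    return strcmp(expected, sig) == 0;
}

/* Vulnerable shape: each failure path returns before freeing. */
int verify_leaky(const struct auth_msg *m)
{
    char *pubkey = decode_pubkey(m->cert);
    if (pubkey == NULL)
        return -1;
    char *digest = tracked_alloc(32);
    if (digest == NULL)
        return -1;                     /* leaks pubkey */
    memset(digest, 0, 32);
    if (!sig_matches(pubkey, m->sig))
        return -1;                     /* leaks pubkey and digest */
    tracked_free(digest);
    tracked_free(pubkey);
    return 0;
}

/* Fixed shape: a single exit path releases whatever was allocated. */
int verify_fixed(const struct auth_msg *m)
{
    int rc = -1;
    char *pubkey = NULL;
    char *digest = NULL;

    pubkey = decode_pubkey(m->cert);
    if (pubkey == NULL)
        goto out;
    digest = tracked_alloc(32);
    if (digest == NULL)
        goto out;
    memset(digest, 0, 32);
    if (!sig_matches(pubkey, m->sig))
        goto out;
    rc = 0;
out:
    tracked_free(digest);   /* NULL-safe, so partial setups are fine */
    tracked_free(pubkey);
    return rc;
}

/* Simulate a peer sending `attempts` bad signatures; return how many heap
 * blocks are still outstanding afterwards (0 means nothing leaked). */
size_t leaked_after_attempts(int (*verify)(const struct auth_msg *), int attempts)
{
    const struct auth_msg bogus = { "CN=attacker", "not-a-real-signature" };
    live_allocations = 0;
    for (int i = 0; i < attempts; i++)
        verify(&bogus);
    return live_allocations;
}

/* A legitimate peer must still authenticate after the fix. */
int good_peer_verifies(int (*verify)(const struct auth_msg *))
{
    const struct auth_msg good = { "CN=branch-gw", "sig(CN=branch-gw)" };
    return verify(&good) == 0;
}

int main(void)
{
    printf("leaky: %zu blocks outstanding after 1000 bad attempts\n",
           leaked_after_attempts(verify_leaky, 1000));
    printf("fixed: %zu blocks outstanding after 1000 bad attempts\n",
           leaked_after_attempts(verify_fixed, 1000));
    printf("fixed accepts a valid peer: %s\n",
           good_peer_verifies(verify_fixed) ? "yes" : "no");
    return 0;
}
```

The point of the counter is that the leak is invisible to a functional test (both versions reject the bad signature and accept the good one); it only shows up as growth under repeated failures, which is exactly the traffic an attacker controls before authentication. Reviewing error paths for a single `goto out` cleanup, and running the daemon under a leak checker while replaying failed IKE authentications, are the checks that catch this class.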
--- Begin Message ---
Source: ipsec-tools
Source-Version: 1:0.7.1-1.5
We believe that the bug you reported is fixed in the latest version of
ipsec-tools, which is due to be installed in the Debian FTP archive:
ipsec-tools_0.7.1-1.5.diff.gz
to pool/main/i/ipsec-tools/ipsec-tools_0.7.1-1.5.diff.gz
ipsec-tools_0.7.1-1.5.dsc
to pool/main/i/ipsec-tools/ipsec-tools_0.7.1-1.5.dsc
ipsec-tools_0.7.1-1.5_amd64.deb
to pool/main/i/ipsec-tools/ipsec-tools_0.7.1-1.5_amd64.deb
racoon_0.7.1-1.5_amd64.deb
to pool/main/i/ipsec-tools/racoon_0.7.1-1.5_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nico Golde <[email protected]> (supplier of updated ipsec-tools package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 19 May 2009 13:26:14 +0200
Source: ipsec-tools
Binary: ipsec-tools racoon
Architecture: source amd64
Version: 1:0.7.1-1.5
Distribution: unstable
Urgency: high
Maintainer: Ganesan Rajagopal <[email protected]>
Changed-By: Nico Golde <[email protected]>
Description:
ipsec-tools - IPsec tools for Linux
racoon - IPsec IKE keying daemon
Closes: 528933
Changes:
ipsec-tools (1:0.7.1-1.5) unstable; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix multiple memory leaks in NAT traversal and RSA authentication
code of racoon leading to DoS (CVE-2009-1632; Closes: #528933).
Checksums-Sha1:
81af7eee74e0c5231c3f32a7f33bcbe7a28cda9a 1116 ipsec-tools_0.7.1-1.5.dsc
80afb4b9b5daabfeaf3b2e8a72517874a04277e4 49687 ipsec-tools_0.7.1-1.5.diff.gz
ffb9086d2868049b0822a2d608a2a84db3e3a4f9 104484 ipsec-tools_0.7.1-1.5_amd64.deb
0292b7b1e64a0b90bfd0aa6ab9444d6c8a8447af 408352 racoon_0.7.1-1.5_amd64.deb
Checksums-Sha256:
4acbd0c21fb693b8e00890b8a7ed6527907d1a6b7ff008c8abc92f1f1615194b 1116 ipsec-tools_0.7.1-1.5.dsc
ea8239d665454068ea75946491fa76f4ebce50c56af60441ae30ebbab8a2cb6b 49687 ipsec-tools_0.7.1-1.5.diff.gz
02fe3190fc6f2d550551df5d58ea960a5300ae3d7dbafa35391bf807bc3ed941 104484 ipsec-tools_0.7.1-1.5_amd64.deb
ecc08367bc752d1cff34757a45f6e7ebabb8906914e578b939d7eeaf986bd80b 408352 racoon_0.7.1-1.5_amd64.deb
Files:
950172a25d8d2d363b89ece99bcd5ed5 1116 net extra ipsec-tools_0.7.1-1.5.dsc
42d17f5dec3f94db8da4b1ce93daf5c2 49687 net extra ipsec-tools_0.7.1-1.5.diff.gz
9e59c34cd7c213af53547bec3a10d0c6 104484 net extra ipsec-tools_0.7.1-1.5_amd64.deb
8bdd9cf4a853f241d274518db1136b2d 408352 net extra racoon_0.7.1-1.5_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkoSmH0ACgkQHYflSXNkfP8mqwCeJXgh/i8lTV0tMQYJxe33bHMD
5nEAn3P6YbTRe8bMfIfUM4xUgLMQiigO
=molp
-----END PGP SIGNATURE-----
--- End Message ---