"Ubuntu Security Notice USN-785-1 June 09, 2009
ipsec-tools vulnerabilities
CVE-2009-1574, CVE-2009-1632
=============================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  racoon 1:0.6.5-4ubuntu1.3

Ubuntu 8.04 LTS:
  racoon 1:0.6.7-1.1ubuntu1.2

Ubuntu 8.10:
  racoon 1:0.7-2.1ubuntu1.8.10.1

Ubuntu 9.04:
  racoon 1:0.7-2.1ubuntu1.9.04.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that ipsec-tools did not properly handle certain
fragmented packets. A remote attacker could send specially crafted packets
to the server and cause a denial of service. (CVE-2009-1574)

It was discovered that ipsec-tools did not properly handle memory usage
when verifying certificate signatures or processing nat-traversal
keep-alive messages. A remote attacker could send specially crafted packets
to the server and exhaust available memory, leading to a denial of service.
(CVE-2009-1632)

Updated packages for Ubuntu 6.06 LTS:
Updated packages for Ubuntu 8.04 LTS:
Updated packages for Ubuntu 8.10:
Updated packages for Ubuntu 9.04:
"
This entry was posted on 8:55 PM.