Multiple security vulnerabilities in openswan package

Bug #917754 reported by Harald Jenny
Affects            Status        Importance  Assigned to  Milestone
openswan (Ubuntu)  Fix Released  Undecided   Unassigned
Hardy              Fix Released  Undecided   Unassigned
Changed in bzr-builddeb:
status: New → Invalid
affects: bzr-builddeb → openswan
Changed in openswan:
status: Invalid → New
affects: openswan → openswan (Ubuntu)
Harald Jenny (harald-a-little-linux-box) wrote :

Attached is a debdiff with patches for all 4 security vulnerabilities, please review it concerning correctness of changelog and patch headers.

visibility: private → public
Harald Jenny (harald-a-little-linux-box) wrote :

The following tests have been performed successfully:

package installation
package upgrade
host-to-host connection with PSK and DPD enabled
host-to-host connection with X.509 certificate and DPD enabled

Marc Deslauriers (mdeslaur) wrote :

ACK on the debdiff. Updated lucid package is building now and will be released once it's built.

Thanks!

Changed in openswan (Ubuntu):
status: New → Fix Released
Marc Deslauriers (mdeslaur) wrote :

Sorry, I meant the hardy package, not the lucid one.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openswan - 1:2.4.9+dfsg-1ubuntu0.1

---------------
openswan (1:2.4.9+dfsg-1ubuntu0.1) hardy-security; urgency=low

  * SECURITY UPDATE: symlink attack through predictable filenames in /tmp
    - debian/patches/02-fix-unsecure-tmp-file.dpatch: change
      programs/livetest/livetest.in to use mktemp for temporary file creation.
      Patch taken from Debian openswan 1:2.4.12+dfsg-1.3 package.
    - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496374
  * SECURITY UPDATE: denial of service attack via malicious Dead Peer Detection
    packet
    - debian/patches/03-CVE-2009-0790.dpatch: adjust programs/pluto/demux.c to
      check for a possible NULL value. Patch taken from Debian openswan
      1:2.4.12+dfsg-1.3+lenny1 package.
    - CVE-2009-0790
  * SECURITY UPDATE: denial of service attack via specially crafted X.509
    certificate
    - debian/patches/04-CVE-2009-2185.dpatch: create include/oswtime.h and
      modify programs/pluto/asn1.c as well as lib/libopenswan/optionsfrom.c to
      do proper checks on certificate objects length. Patch taken from Debian
      openswan 1:2.4.12+dfsg-1.3+lenny2 package.
    - CVE-2009-2185
  * SECURITY UPDATE: denial of service attack via deliberately interrupted
    IPSec connection attempt
    - debian/patches/05-2.4.9-CVE-2011-4073.dpatch: change
      programs/pluto/ikev1_continuations.h and programs/pluto/ikev1_quick.c to
      check for vanished ISAKMP SA in Quick Mode negotiation. Patch taken from
      Debian openswan 1:2.4.12+dfsg-1.3+lenny3 package and slightly modified.
    - CVE-2011-4073
  (LP: #917754)
 -- Harald Jenny <email address hidden> Tue, 17 Jan 2012 16:53:31 +0100
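
The first changelog entry above switches temporary file creation to mktemp. The sketch below is an added example, not the Debian/Ubuntu patch and not openswan code; it contrasts a predictable temporary name with mktemp when a symlink already sits at that name. The file name livetest.<pid>, the helper names and the scratch directory standing in for /tmp are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed demo, confined to a private scratch directory standing in for /tmp.

# Unsafe pattern: the name is a fixed prefix plus a guessable suffix (e.g. a PID),
# so the path may already exist as a symlink when the script writes to it.
write_predictable() {   # $1 = directory, $2 = suffix, $3 = data
    f="$1/livetest.$2"              # hypothetical name, not taken from livetest.in
    printf '%s\n' "$3" > "$f"       # the redirect follows an existing symlink
}

# Hardened pattern: mktemp chooses an unpredictable name and creates the file
# exclusively with mode 0600, so a pre-existing path is never reused.
write_mktemp() {        # $1 = directory, $2 = data; prints the path it created
    f=$(mktemp "$1/livetest.XXXXXX") || return 1
    printf '%s\n' "$2" > "$f"
    printf '%s\n' "$f"
}

demo() {
    scratch=$(mktemp -d) || return 1
    printf 'original\n' > "$scratch/victim"
    # Constructed precondition: a link already exists at the predictable name.
    ln -s "$scratch/victim" "$scratch/livetest.1234"

    write_predictable "$scratch" 1234 "report data"
    after_unsafe=$(cat "$scratch/victim")      # content was replaced via the link

    printf 'original\n' > "$scratch/victim"
    created=$(write_mktemp "$scratch" "report data") || return 1
    after_safe=$(cat "$scratch/victim")        # untouched this time
    mode=$(stat -c %a "$created" 2>/dev/null || stat -f %Lp "$created")

    rm -rf "$scratch"
    printf '%s|%s|%s\n' "$after_unsafe" "$after_safe" "$mode"
}

demo   # prints: report data|original|600
```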

Changed in openswan (Ubuntu Hardy):
status: New → Fix Released
Marc Deslauriers (mdeslaur) wrote :

Unsubscribing ubuntu-security-sponsors for now. Please re-subscribe the team once a new debdiff has been attached. Thanks.

no longer affects: openswan (Ubuntu Lucid)
no longer affects: openswan (Ubuntu Maverick)
no longer affects: openswan (Ubuntu Natty)
no longer affects: openswan (Ubuntu Oneiric)
This report contains Public Security information  
Everyone can see this security related information.
