DSA-1760-1 openswan -- denial of serviceID: oval:org.secpod.oval:def:600315 | Date: (C)2011-05-13 (M)2022-10-10 |
Class: PATCH | Family: unix |
Two vulnerabilities have been discovered in openswan, an IPSec implementation for linux. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-4190 Dmitry E. Oboukhov discovered that the livetest tool is using temporary files insecurely, which could lead to a denial of service attack. CVE-2009-0790 Gerd v. Egidy discovered that the Pluto IKE daemon in openswan is prone to a denial of service attack via a malicious packet. For the stable distribution , this problem has been fixed in version 2.4.12+dfsg-1.3+lenny1. For the oldstable distribution , this problem has been fixed in version 2.4.6+dfsg.2-1.1+etch1. For the testing distribution and the unstable distribution , this problem will be fixed soon. We recommend that you upgrade your openswan packages.
Platform: |
Debian 5.0 |
Debian 4.0 |