[SECURITY] [DSA 2922-1] strongswan security update

2014-05-0512:55:32

lists.debian.org

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

5.8

Confidence

Low

EPSS

0.044

Percentile

92.4%

JSON

Debian Security Advisory DSA-2922-1 [email protected]
http://www.debian.org/security/ Yves-Alexis Perez
May 05, 2014 http://www.debian.org/security/faq

Package : strongswan
CVE ID : CVE-2014-2891

A vulnerability has been found in the ASN.1 parser of strongSwan, an
IKE/IPsec suite used to establish IPsec protected links.

By sending a crafted ID_DER_ASN1_DN ID payload to a vulnerable pluto or
charon daemon, a malicious remote user can provoke a null pointer
dereference in the daemon parsing the identity, leading to a crash and a
denial of service.

For the oldstable distribution (squeeze), this problem has been fixed in
version 4.4.1-5.6.

For the stable distribution (wheezy), this problem has been fixed in
version 4.5.2-1.5+deb7u4.

For the testing distribution (jessie), this problem has been fixed in
version 5.1.2-1.

For the unstable distribution (sid), this problem has been fixed in
version 5.1.2-1.

We recommend that you upgrade your strongswan packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian7ia64strongswan-ikev1< 4.5.2-1.5+deb7u4strongswan-ikev1_4.5.2-1.5+deb7u4_ia64.deb
Debian7armhflibstrongswan< 4.5.2-1.5+deb7u4libstrongswan_4.5.2-1.5+deb7u4_armhf.deb
Debian6sparcstrongswan-ikev1< 4.4.1-5.6strongswan-ikev1_4.4.1-5.6_sparc.deb
Debian6s390libstrongswan< 4.4.1-5.6libstrongswan_4.4.1-5.6_s390.deb
Debian7ia64strongswan-ikev2< 4.5.2-1.5+deb7u4strongswan-ikev2_4.5.2-1.5+deb7u4_ia64.deb
Debian6sparcstrongswan-starter< 4.4.1-5.6strongswan-starter_4.4.1-5.6_sparc.deb
Debian7mipselstrongswan-nm< 4.5.2-1.5+deb7u4strongswan-nm_4.5.2-1.5+deb7u4_mipsel.deb
Debian6powerpclibstrongswan< 4.4.1-5.6libstrongswan_4.4.1-5.6_powerpc.deb
Debian7armelstrongswan-starter< 4.5.2-1.5+deb7u4strongswan-starter_4.5.2-1.5+deb7u4_armel.deb
Debian6mipsstrongswan-starter< 4.4.1-5.6strongswan-starter_4.4.1-5.6_mips.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	ia64	strongswan-ikev1	< 4.5.2-1.5+deb7u4	strongswan-ikev1_4.5.2-1.5+deb7u4_ia64.deb
Debian	7	armhf	libstrongswan	< 4.5.2-1.5+deb7u4	libstrongswan_4.5.2-1.5+deb7u4_armhf.deb
Debian	6	sparc	strongswan-ikev1	< 4.4.1-5.6	strongswan-ikev1_4.4.1-5.6_sparc.deb
Debian	6	s390	libstrongswan	< 4.4.1-5.6	libstrongswan_4.4.1-5.6_s390.deb
Debian	7	ia64	strongswan-ikev2	< 4.5.2-1.5+deb7u4	strongswan-ikev2_4.5.2-1.5+deb7u4_ia64.deb
Debian	6	sparc	strongswan-starter	< 4.4.1-5.6	strongswan-starter_4.4.1-5.6_sparc.deb
Debian	7	mipsel	strongswan-nm	< 4.5.2-1.5+deb7u4	strongswan-nm_4.5.2-1.5+deb7u4_mipsel.deb
Debian	6	powerpc	libstrongswan	< 4.4.1-5.6	libstrongswan_4.4.1-5.6_powerpc.deb
Debian	7	armel	strongswan-starter	< 4.5.2-1.5+deb7u4	strongswan-starter_4.5.2-1.5+deb7u4_armel.deb
Debian	6	mips	strongswan-starter	< 4.4.1-5.6	strongswan-starter_4.4.1-5.6_mips.deb