[SECURITY] [DLA 1044-1] ipsec-tools security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1044-1] ipsec-tools security update
From: Noah Meyerhans <noahm@debian.org>
Date: Sat, 29 Jul 2017 21:25:48 -0700
Message-id: <[🔎] 20170730042548.emskv766dgtv2stp@ctrl.internal.morgul.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : ipsec-tools
Version        : 1:0.8.0-14+deb7u1
CVE ID         : CVE-2016-10396
Debian Bug     : 867986

The racoon daemon in IPsec-Tools 0.8.2 and earlier contains a remotely
exploitable computational-complexity attack when parsing and storing
ISAKMP fragments. The implementation permits a remote attacker to
exhaust computational resources on the remote endpoint by repeatedly
sending ISAKMP fragment packets in a particular order such that the
worst-case computational complexity is realized in the algorithm
utilized to determine if reassembly of the fragments can take place.

For Debian 7 "Wheezy", these problems have been fixed in version
1:0.8.0-14+deb7u2.

We recommend that you upgrade your ipsec-tools packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEpNGebtPBMx7yU+olHNjYVP5CUsEFAll9X5cACgkQHNjYVP5C
UsEypg//RloHMDufkX1hfHHs32dOH6zyzbfOCd4OZl1RRfx1JMdx8ZCYBvctTdya
IfOtHgnItTdNes2WK2Qq4gsiBxSVw5zuVr6Oqy3DFKlcPdCntYf5lM5UecC0g2we
MYwpKoEXraN6slDOyTQktzVhOzu3BYRJLpeCfhRJeFROhnlvhSE+PPQ8vFM2kSOn
KBSMjKFdH6IS7EnY3r2SN4nlbGnV7NvUt7FB8I7eofQPVCU362nAkTAhNUOvmMkV
efVDFvYv4Wm2FU8WlJ0HDOQWUbYtELVDUothbK4TJNa1WokcFif9lsLxOrUAF/94
I3zRarFSo3i6mkvFctytAh2/kidV0UEi+xkcOA5CA4cbsX+Fqt5a6WwrPe52pEFc
HmVBnvWngXYctLyVOEpEcCljdZt0ldnMtAQyfDFpjh67lRiMRvCMQjpObLisZP8G
c4nozFQRRBW+s94+tFjcKy4nQ+Jcjb+qUlc3HrM5M5qJlZYew3n9LqixcANRyYnR
m6POz2ysTBQADKFtg7+HjJKBxzeAtfUy9qezE/1yLUTdzW4sSK9+FAB3VIjlhaCB
6+qsB3u/w7DeCSQjdpB2yxIR3YnqsRcaePh+7KEQRN8CCxZX2hb6Pjka0GJgjoPq
lB8rD3lUKQ2DaDQBNUcIM8FjGJc/jNSeUXelBuR5shDovcNmYxU=
=qQgW
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 841-2] apache2 regression update
Next by Date: [SECURITY] [DLA 1046-1] lucene-solr security update
Previous by thread: [SECURITY] [DLA 841-2] apache2 regression update
Next by thread: [SECURITY] [DLA 1046-1] lucene-solr security update
Index(es):
- Date
- Thread