-
Committer:
Package Import Robot
-
Author(s):
Harald Jenny
-
Date:
2012-01-17 16:53:31 UTC
-
Revision ID:
package-import@ubuntu.com-20120117165331-kf4pc3bl3gafjq7w
Tags: 1:2.4.9+dfsg-1ubuntu0.1
* SECURITY UPDATE: symlink attack through predictable filenames in /tmp
- debian/patches/02-fix-unsecure-tmp-file.dpatch: change
programs/livetest/livetest.in to use mktemp for temporary file creation.
Patch taken from Debian openswan 1:2.4.12+dfsg-1.3 package.
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496374
* SECURITY UPDATE: denial of service attack via malicious Dead Peer Detection
packet
- debian/patches/03-CVE-2009-0790.dpatch: adjust programs/pluto/demux.c to
check for a possbile NULL value. Patch taken from Debian openswan
1:2.4.12+dfsg-1.3+lenny1 package.
- CVE-2009-0790
* SECURITY UPDATE: denial of service attack via specially crafted X.509
certificate
- debian/patches/04-CVE-2009-2185.dpatch: create include/oswtime.h and
modify programs/pluto/asn1.c as well as lib/libopenswan/optionsfrom.c to
do proper checks on certificate objects length. Patch taken from Debian
openswan 1:2.4.12+dfsg-1.3+lenny2 package.
- CVE-2009-2185
* SECURITY UPDATE: denial of service attack via deliberately interrupted
IPSec connection attempt
- debian/patches/05-2.4.9-CVE-2011-4073.dpatch: change
programs/pluto/ikev1_continuations.h and programs/pluto/ikev1_quick.c to
check for vanished ISAKMP SA in Quick Mode negotiation. Patch taken from
Debian openswan 1:2.4.12+dfsg-1.3+lenny3 package and slightly modified.
- CVE-2011-4073
(LP: #917754)