ipsec tools fixes a "remote crash in fragmentation code"
+ipsec-tools-0.7.2.ebuild
amd64/x86 stable
sparc stable
ppc done
vote yes for constancy with bug #232831
*** Bug 268841 has been marked as a duplicate of this bug. ***
Name: CVE-2009-1574 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1574 racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference.
Got rid of the two old vulnerable versions. Voting YES for a GLSA.
Yes, too. Request filed.
CVE-2009-1632 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1632): Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x509sign function in src/racoon/crypto_openssl.c; and (2) the NAT-Traversal (aka NAT-T) keepalive implementation, related to src/racoon/nattraversal.c.
GLSA 200905-03