| Summary: | <net-misc/openswan-2.6.37 Cryptographic Helper Use-After-Free DoS (CVE-2011-4073) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | mrness |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://secunia.com/advisories/46681/ | | |
| Whiteboard: | B3 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | | | |
| Bug Blocks: | 349640, 372961 | | |

Description
Agostino Sarubbo
2011-10-31 13:53:11 UTC
Atm I set to B3 because I don't know if nhelpers=0 is a default or not configuration. Anyway there is no big difference from B3 and C3

net-misc/openswan-2.6.37 has been submitted to the tree

Thanks. Arches please test and mark stable: =net-misc/openswan-2.6.37 target KEYWORDS : "amd64 x86"

@mrness, is a compile test enough, or is anything else required?

I've tested it myself in an L2TP setup, a simple compile test should be enough.

x86 stable

amd64 ok

amd64: just a minor QA issue;

 * QA Notice: Package has poor programming practices which may compile
 * fine but exhibit random runtime failures.
 * ikeping.c:257:9: warning: dereferencing type-punned pointer will break strict-aliasing rules
 * ikeping.c:259:9: warning: dereferencing type-punned pointer will break strict-aliasing rules
 * Please do not file a Gentoo bug and instead report the above QA
 * issues directly to the upstream developers of this software.

otherwise all aok

+ 10 Nov 2011; Tony Vroon <chainsaw@gentoo.org> openswan-2.6.37.ebuild:
+ Marked stable on AMD64 based on arch testing by Agostino "ago" Sarubbo & Ian
+ "idella4" Delaney in security bug #389097.

Thanks, added glsa request vote

Thanks, folks. GLSA Vote: yes.

CVE-2011-4073 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4073): Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via vectors related to the (1) quick_outI1_continue and (2) quick_outI1 functions.

Vote: Yes. Created new GLSA request.

This issue was resolved and addressed in GLSA 201203-13 at http://security.gentoo.org/glsa/glsa-201203-13.xml by GLSA coordinator Sean Amoss (ackle).