Yet another ipsec-tools issue guys!
Please see CAN-2004-0403.
What: racoon contains an issue with handling of ISAKMP packets. Malformed packets that have an overly large length field can consume system resources, causing a DoS.
Resolution: Upgrade to 0.3.1 which includes a check for overly large length fields.
I've just added this in ~x86 (no stable version for x86 yet) and have bugged both amd64 and sparc people for testing. Once they've added keywords I'll remove 0.2.5 from the tree. Need anything else from me?
sorry, re-marked it amd64... :-/
Draft GLSA is ready for review. As soon as a couple of other folks from the security team have reviewed it for accuracy, we'll send it out.
this reminded me of the fact that iputils-021109 comes packaged with racoon
since ipsec-tools exists to install racoon and such, and we don't know *when* the next upstream release will be of iputils, I've removed racoon from iputils-021109 starting with -r3
not a big deal since the two ebuilds were clobbering each other anyways and that's a no no ;)
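The kind of length check the report's resolution refers to, as an added example that is not part of this thread and is not racoon's own code: it validates the 32-bit Length field of the 28-byte ISAKMP header (RFC 2408) against the bytes actually received before anything is sized from it. The function names, the 65535-byte cap and the strict equality policy are assumptions of this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ISAKMP_HDR_LEN 28u     /* fixed ISAKMP header size (RFC 2408) */
#define ISAKMP_MAX_MSG 65535u  /* assumed cap for this example, not racoon's value */

enum len_status { LEN_OK, LEN_SHORT_HDR, LEN_TOO_SMALL, LEN_TOO_LARGE, LEN_MISMATCH };

/* Length is the last header field: 32 bits, network byte order, offset 24. */
uint32_t isakmp_declared_len(const uint8_t *pkt)
{
    return ((uint32_t)pkt[24] << 24) | ((uint32_t)pkt[25] << 16) |
           ((uint32_t)pkt[26] << 8) | (uint32_t)pkt[27];
}

/* Validate the declared length before any buffer is sized from it. */
enum len_status isakmp_check_len(const uint8_t *pkt, size_t received)
{
    uint32_t declared;

    if (pkt == NULL || received < ISAKMP_HDR_LEN)
        return LEN_SHORT_HDR;            /* cannot even read the field */
    declared = isakmp_declared_len(pkt);
    if (declared < ISAKMP_HDR_LEN)
        return LEN_TOO_SMALL;            /* shorter than its own header */
    if (declared > ISAKMP_MAX_MSG)
        return LEN_TOO_LARGE;            /* the overly large case */
    if (declared != received)
        return LEN_MISMATCH;             /* strict policy assumed here */
    return LEN_OK;
}

/* Constructed sample: zeroed 28-byte header with a chosen Length field. */
void make_sample(uint8_t hdr[28], uint32_t declared)
{
    memset(hdr, 0, 28);
    hdr[24] = (uint8_t)(declared >> 24); hdr[25] = (uint8_t)(declared >> 16);
    hdr[26] = (uint8_t)(declared >> 8);  hdr[27] = (uint8_t)declared;
}

int main(void)
{
    uint8_t hdr[28];
    make_sample(hdr, 0xFFFFFFF0u);       /* header-only datagram, huge claim */
    printf("status=%d\n", isakmp_check_len(hdr, sizeof hdr));
    return 0;
}
```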