MGASA-2012-0300
Date: October 20th, 2012
Affected releases: 1, 2
Description:
Updated openswan packages fix security vulnerabilities:

Two buffer overflow flaws were found in the Openswan client-side XAUTH
handling code used when connecting to certain Cisco gateways. A malicious
or compromised VPN gateway could use these flaws to execute arbitrary code
on the connecting Openswan client (CVE-2010-3302, CVE-2010-3308).

Two input sanitization flaws were found in the Openswan client-side
handling of Cisco gateway banners. A malicious or compromised VPN gateway
could use these flaws to execute arbitrary code on the connecting Openswan
client (CVE-2010-3752, CVE-2010-3753).

A use-after-free flaw was found in the way Openswan's pluto IKE daemon used
cryptographic helpers. A remote, authenticated attacker could send a
specially-crafted IKE packet that would crash the pluto daemon. This issue
only affected SMP (symmetric multiprocessing) systems that have the
cryptographic helpers enabled (CVE-2011-4073).
Updated Packages:
Mageia 1:
openswan-2.6.28-2.1.mga1
openswan-doc-2.6.28-2.1.mga1
Mageia 2:
openswan-2.6.28-2.1.mga2
openswan-doc-2.6.28-2.1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3302
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3308
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3752
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3753
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4073
https://rhn.redhat.com/errata/RHSA-2010-0892.html
http://rhn.redhat.com/errata/RHSA-2011-1422.html
https://bugs.mageia.org/show_bug.cgi?id=7095