
Mageia alert MGASA-2012-0300 (openswan)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2012-0300: openswan-2.6.28-2.1.mga (1, 2/core)
Date:  Sat, 20 Oct 2012 17:29:14 +0200
Message-ID:  <20121020152914.GA12529@valstar.mageia.org>

MGASA-2012-0300
Date: October 20th, 2012
Affected releases: 1, 2

Description:

Updated openswan packages fix security vulnerabilities:

Two buffer overflow flaws were found in the Openswan client-side XAUTH
handling code used when connecting to certain Cisco gateways. A malicious
or compromised VPN gateway could use these flaws to execute arbitrary code
on the connecting Openswan client (CVE-2010-3302, CVE-2010-3308).

Two input sanitization flaws were found in the Openswan client-side
handling of Cisco gateway banners. A malicious or compromised VPN gateway
could use these flaws to execute arbitrary code on the connecting Openswan
client (CVE-2010-3752, CVE-2010-3753).

A use-after-free flaw was found in the way Openswan's pluto IKE daemon used
cryptographic helpers. A remote, authenticated attacker could send a
specially-crafted IKE packet that would crash the pluto daemon. This issue
only affected SMP (symmetric multiprocessing) systems that have the
cryptographic helpers enabled (CVE-2011-4073).

Updated Packages:

Mageia 1:
openswan-2.6.28-2.1.mga1
openswan-doc-2.6.28-2.1.mga1

Mageia 2:
openswan-2.6.28-2.1.mga2
openswan-doc-2.6.28-2.1.mga2

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3302
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3308
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3752
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3753
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4073
https://rhn.redhat.com/errata/RHSA-2010-0892.html
http://rhn.redhat.com/errata/RHSA-2011-1422.html
https://bugs.mageia.org/show_bug.cgi?id=7095
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...
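To check whether a Mageia host still carries a pre-fix openswan, the installed version-release has to be compared against the fixed versions listed above using RPM's segment-wise ordering (plain string comparison gets "2.mga1" vs "2.1.mga1" wrong). The following is an added example, not Mageia's own tooling; it assumes the inventory comes from `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`, the sample inventory is constructed, and the comparison is a simplified rpmvercmp that ignores epochs and tilde segments.

```python
import re
from typing import Dict, List

# Fixed version-release strings taken from the advisory text above.
FIXED: Dict[str, Dict[str, str]] = {
    "1": {"openswan": "2.6.28-2.1.mga1", "openswan-doc": "2.6.28-2.1.mga1"},
    "2": {"openswan": "2.6.28-2.1.mga2", "openswan-doc": "2.6.28-2.1.mga2"},
}

# Constructed sample of `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` output.
SAMPLE_RPM_QA = """openswan 2.6.28-2.mga1
openswan-doc 2.6.28-2.1.mga1
bash 4.2-1.mga1
"""

_SEG = re.compile(r"[0-9]+|[a-zA-Z]+")


def _cmp_segments(a: str, b: str) -> int:
    """Simplified rpmvercmp: split into numeric and alphabetic runs; numbers
    compare numerically, letters lexically, and a numeric segment sorts
    after an alphabetic one. Epoch and tilde handling are not implemented."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() or y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def cmp_evr(a: str, b: str) -> int:
    """Compare two 'version-release' strings; returns -1, 0 or 1."""
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return _cmp_segments(va, vb) or _cmp_segments(ra, rb)


def parse_rpm_qa(text: str) -> Dict[str, str]:
    """Turn 'NAME VERSION-RELEASE' lines into a name -> version-release map."""
    return dict(line.split(None, 1) for line in text.splitlines() if line.strip())


def vulnerable_packages(release: str, installed: Dict[str, str]) -> List[str]:
    """Names of installed packages older than this advisory's fixed version."""
    fixed = FIXED[release]
    return sorted(n for n, v in installed.items() if n in fixed and cmp_evr(v, fixed[n]) < 0)


if __name__ == "__main__":
    print(vulnerable_packages("1", parse_rpm_qa(SAMPLE_RPM_QA)))  # ['openswan']
```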



Copyright © 2013, Eklektix, Inc.