Two new security updates for Debian GNU/Linux has been released:
DSA-201-1 freeswan -- denial of service
DSA-202-1 im -- insecure temporary files
DSA-201-1 freeswan -- denial of service
Bindview discovered a problem in several IPSEC implementations that do not properly handle certain very short packets. IPSEC is a set of security extensions to IP which provide authentication and encryption. Free/SWan in Debian is affected by this and is said to cause a kernel panic.Read more
This problem has been fixed in version 1.96-1.4 for the current stable distribution (woody) and in version 1.99-1 for the unstable distribution (sid). The old stable distribution (potato) does not contain Free/SWan packages.
DSA-202-1 im -- insecure temporary files
Tatsuya Kinoshita discovered that IM, which contains interface commands and Perl libraries for E-mail and NetNews, creates temporary files insecurely.Read more
These problems have been fixed in version 141-18.1 for the current stable distribution (woody), in version 133-2.2 of the old stable distribution (potato) and in version 141-20 for the unstable distribution (sid).