Debian 10261 Published by

The following two updates are available for Debian GNU/Linux:

[DSA 3118-1] strongswan security update
[DSA 3119-1] libevent security update



[DSA 3118-1] strongswan security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3118-1 security@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
January 05, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : strongswan
CVE ID : CVE-2014-9221

Mike Daskalakis reported a denial of service vulnerability in charon,
the IKEv2 daemon for strongSwan, an IKE/IPsec suite used to establish
IPsec protected links.

The bug can be triggered by an IKEv2 Key Exchange (KE) payload that
contains the Diffie-Hellman (DH) group 1025. This identifier is from the
private-use range and only used internally by libtls for DH groups with
custom generator and prime (MODP_CUSTOM). As such the instantiated
method expects that these two values are passed to the constructor. This
is not the case when a DH object is created based on the group in the KE
payload. Therefore, an invalid pointer is dereferenced later, which
causes a segmentation fault.

This means that the charon daemon can be crashed with a single
IKE_SA_INIT message containing such a KE payload. The starter process
should restart the daemon after that, but this might increase load on
the system. Remote code execution is not possible due to this issue, nor
is IKEv1 affected in charon or pluto.

For the stable distribution (wheezy), this problem has been fixed in
version 4.5.2-1.5+deb7u6.

For the upcoming stable distribution (jessie), this problem has been
fixed in version 5.2.1-5.

For the unstable distribution (sid), this problem has been fixed in
version 5.2.1-5.

We recommend that you upgrade your strongswan packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

[DSA 3119-1] libevent security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3119-1 security@debian.org
http://www.debian.org/security/ Salvatore Bonaccorso
January 06, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libevent
CVE ID : CVE-2014-6272
Debian Bug : 774645

Andrew Bartlett of Catalyst reported a defect affecting certain
applications using the Libevent evbuffer API. This defect leaves
applications which pass insanely large inputs to evbuffers open to a
possible heap overflow or infinite loop. In order to exploit this flaw,
an attacker needs to be able to find a way to provoke the program into
trying to make a buffer chunk larger than what will fit into a single
size_t or off_t.

For the stable distribution (wheezy), this problem has been fixed in
version 2.0.19-stable-3+deb7u1.

For the upcoming stable distribution (jessie) and the unstable
distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your libevent packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/