| Summary: | DoS vulnerabilities in the charon daemon: CVE-2009-1957, CVE-2009-1958 | | |
|---|---|---|---|
| Product: | Sisyphus | Reporter: | Vladimir Lettiev <crux> |
| Component: | strongswan | Assignee: | Michael Shigorin <mike> |
| Status: | CLOSED FIXED | QA Contact: | qa-sisyphus |
| Severity: | blocker | | |
| Priority: | P3 | CC: | mike, week |
| Version: | unstable | Keywords: | security |
| Hardware: | all | | |
| OS: | Linux | | |
| URL: | http://download.strongswan.org/CHANGES42.txt | | |

Description
Vladimir Lettiev
2009-05-28 08:52:37 MSD
Looking at strongswan-4.2.15-alt1 -> sisyphus:

* Thu May 28 2009 Michael Shigorin <mike@altlinux> 4.2.15-alt1
- 4.2.15 fixes two DoS issues with charon
  + sending a malformed IKE_SA_INIT request left an incomplete state which caused a null pointer dereference if a subsequent CREATE_CHILD_SA request was sent
  + sending an IKE_AUTH request with either a missing TSi or TSr payload caused a null pointer dereference because the checks for TSi and TSr were interchanged
  + patch2 unneeded (included upstream)
- thanks crux@ for heads-up (closes: #20206)