Advisories

Mandriva Advisories

Package name: ipsec-tools
Date: April 16th, 2007
Advisory ID: MDKSA-2007:084
Affected versions: MNF2.0, 2007.0, CS4.0, 2007.1
Synopsis: Updated ipsec-tools packages fix DoS vulnerability

Problem Description

The ipsec-tools package prior to version 0.6.7 allows remote attackers
to cause a Denial of Service (tunnel crash) via crafted DELETE and
NOTIFY messages.

Updated packages have been patched to correct this issue.

Updated Packages

Multi Network Firewall 2.0

 9d15b12b6265294254c4395d576af399  mnf/2.0/i586/ipsec-tools-0.2.5-0.4.M20mdk.i586.rpm
 9f1baa807c3f8c2fce15c51799d371d4  mnf/2.0/i586/ipsec-tools-0.2.5-0.5.M20mdk.i586.rpm
 438f827336c17aad6d6639e968d754b4  mnf/2.0/i586/libipsec-tools0-0.2.5-0.5.M20mdk.i586.rpm 
 eec95352e1b736a90f86c580925bcb8c  mnf/2.0/SRPMS/ipsec-tools-0.2.5-0.5.M20mdk.src.rpm

Mandriva Linux 2007

 45dbff65f54ae18f638bd7ba0bbaf42e  2007.0/i586/ipsec-tools-0.6.6-2.1mdv2007.0.i586.rpm
 e436d6c8455d234147142ae385b5257d  2007.0/i586/libipsec0-0.6.6-2.1mdv2007.0.i586.rpm
 545ac1abb2e59ec822c5484e7ceb0164  2007.0/i586/libipsec0-devel-0.6.6-2.1mdv2007.0.i586.rpm 
 50d4165a6a97f09778011f33d6d44ca0  2007.0/SRPMS/ipsec-tools-0.6.6-2.1mdv2007.0.src.rpm

Mandriva Linux 2007/X86_64

 e2699ff4ac621bf8513a5fe08666a9ec  2007.0/x86_64/ipsec-tools-0.6.6-2.1mdv2007.0.x86_64.rpm
 46ea919ab6e9df83a84b0a34928d65f4  2007.0/x86_64/lib64ipsec0-0.6.6-2.1mdv2007.0.x86_64.rpm
 b36bd1ea7adc31f592eedb2abb5d33fc  2007.0/x86_64/lib64ipsec0-devel-0.6.6-2.1mdv2007.0.x86_64.rpm 
 50d4165a6a97f09778011f33d6d44ca0  2007.0/SRPMS/ipsec-tools-0.6.6-2.1mdv2007.0.src.rpm

Corporate Server 4.0

 be76171c672159b4f0f816c1ec5aab11  corporate/4.0/i586/ipsec-tools-0.6.5-2.1.20060mlcs4.i586.rpm
 076f5b9d0411a3f4632f4e981a26b3b7  corporate/4.0/i586/libipsec0-0.6.5-2.1.20060mlcs4.i586.rpm
 acce65810ca8328bca7e0286056f34f3  corporate/4.0/i586/libipsec0-devel-0.6.5-2.1.20060mlcs4.i586.rpm 
 1b91757b0c1f4e39eb5d3737f232fb68  corporate/4.0/SRPMS/ipsec-tools-0.6.5-2.1.20060mlcs4.src.rpm

Corporate Server 4.0/X86_64

 d5ebff7776ab22fe09cf688d590697a3  corporate/4.0/x86_64/ipsec-tools-0.6.5-2.1.20060mlcs4.x86_64.rpm
 ead3bf23ba08bd776595053e8f3b8585  corporate/4.0/x86_64/lib64ipsec0-0.6.5-2.1.20060mlcs4.x86_64.rpm
 c743b116469e8443a14ce40d8549f26c  corporate/4.0/x86_64/lib64ipsec0-devel-0.6.5-2.1.20060mlcs4.x86_64.rpm 
 1b91757b0c1f4e39eb5d3737f232fb68  corporate/4.0/SRPMS/ipsec-tools-0.6.5-2.1.20060mlcs4.src.rpm

Mandriva Linux 2007.1

 a1fe5334c70d983076d28689277c5968  2007.1/i586/ipsec-tools-0.6.6-2.1mdv2007.1.i586.rpm
 8bee44d6e3f2248634d15cb1370b4f6e  2007.1/i586/libipsec0-0.6.6-2.1mdv2007.1.i586.rpm
 b06ab01becf6435a4c24c1a0434f062b  2007.1/i586/libipsec0-devel-0.6.6-2.1mdv2007.1.i586.rpm 
 ea4a41f7bc9fcbdff99ece8d87701b46  2007.1/SRPMS/ipsec-tools-0.6.6-2.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64

 e825119d669cc71752c766e43e90eae9  2007.1/x86_64/ipsec-tools-0.6.6-2.1mdv2007.1.x86_64.rpm
 ca27f136089ae600bea5ee00aeda0ce6  2007.1/x86_64/lib64ipsec0-0.6.6-2.1mdv2007.1.x86_64.rpm
 954f74bc941fa199a619ba265e78097c  2007.1/x86_64/lib64ipsec0-devel-0.6.6-2.1mdv2007.1.x86_64.rpm 
 ea4a41f7bc9fcbdff99ece8d87701b46  2007.1/SRPMS/ipsec-tools-0.6.6-2.1mdv2007.1.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1841

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

                rpm --checksig package.rpm
                

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of the MD5 checksum and GPG signature is performed automatically for you.
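
For a manual download, the two checks above can be scripted. The following is an added example, not part of the Mandriva advisory: the function names verify_manifest and verify_signatures are hypothetical, and md5sum is assumed to be installed. The MD5 comparison catches a damaged or wrong download; the GPG signature checked by rpm --checksig is what ties the package to the Mandriva Security Team key.

```shell
#!/bin/sh
# verify_manifest MANIFEST DIR
#   MANIFEST: the "<md5>  <path/package.rpm>" lines for your release, copied
#             from the "Updated Packages" list into a text file.
#   DIR:      directory holding the downloaded .rpm files.
# Every listed package found in DIR (matched by file name) is hashed and compared.
# Returns 0 only if at least one package was checked and none mismatched.
verify_manifest() {
    manifest=$1 dir=$2 checked=0 bad=0
    while read -r want path; do
        # Skip blank lines and anything that is not a 32-hex-digit MD5.
        case $want in
            ''|*[!0-9a-f]*) continue ;;
        esac
        [ "${#want}" -eq 32 ] || continue
        file=$dir/${path##*/}
        [ -f "$file" ] || continue      # not downloaded: nothing to compare
        got=$(md5sum "$file" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $file" >&2
            bad=$((bad + 1))
        fi
    done < "$manifest"
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
}

# verify_signatures FILE...
# Runs the advisory's command on each package and stops at the first failure.
# The Mandriva Security Team public key must already be imported.
verify_signatures() {
    for f in "$@"; do
        rpm --checksig "$f" || return 1
    done
}

# Typical use (file and directory names are placeholders):
#   verify_manifest advisory-md5.txt ./downloads && verify_signatures ./downloads/*.rpm
```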