Debian Security Advisory
DSA-2374-1 openswan -- implementation error
- Date Reported:
- 26 Dec 2011
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 650674.
In Mitre's CVE dictionary: CVE-2011-4073.
- More information:
The information security group at ETH Zurich discovered a denial of service vulnerability in the crypto helper handler of the IKE daemon pluto. More information can be found in the upstream advisory.
For the oldstable distribution (lenny), this problem has been fixed in version 1:2.4.12+dfsg-1.3+lenny4.
For the stable distribution (squeeze), this problem has been fixed in version 1:2.6.28+dfsg-5+squeeze1.
For the unstable distribution (sid), this problem has been fixed in version 1:2.6.37-1.
We recommend that you upgrade your openswan packages.