--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-9016
2008-11-07 01:38:41
--------------------------------------------------------------------------------
Name : ipsec-tools
Product : Fedora 8
Version : 0.7.1
Release : 5.fc8
URL : http://ipsec-tools.sourceforge.net/
Summary : Tools for configuring and using IPSEC
Description :
This is the IPsec-Tools package. You need this package in order to
really use the IPsec functionality in the linux-2.5+ kernels. This
package builds:
- setkey, a program to directly manipulate policies and SAs
- racoon, an IKEv1 keying daemon
--------------------------------------------------------------------------------
Update Information:
The update fixes memory leaks potentially leading to DoS (CVE-2008-3651,
CVE-2008-3652). It also fixes problems with DPD and NAT-T support. This has
been in rawhide for a while, with no bad reports. It improves remote-access
client connection to Cisco ASA.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 17 2008 Tomas Mraz <tmraz@redhat.com> - 0.7.1-5
- fix CVE-2008-3652 (memory leak DoS)
- compile racoon as PIE
- another fix for teardown of the IPSEC SAs on DPD in some circumstances
* Sun Aug 10 2008 Tomas Mraz <tmraz@redhat.com> - 0.7.1-4
- Even better fix for IPSEC SA purging avoiding code duplication
(original idea by Darrel Goeddel)
* Fri Aug 8 2008 Tomas Mraz <tmraz@redhat.com> - 0.7.1-3
- Fix IPSEC SA purge with NAT_T enabled
* Wed Jul 30 2008 Tomas Mraz <tmraz@redhat.com> - 0.7.1-2
- Different approach to allow racoon to add loopback SAs for
labeled IPSec (without ISAKMP)
* Tue Jul 29 2008 Tomas Mraz <tmraz@redhat.com> - 0.7.1-1
- Update to a new upstream version
* Thu Feb 28 2008 Steve Conklin <sconklin@redhat.com> - 0.7-13
- Resolves bz#273261 remote-access client connection to Cisco ASA
* Mon Feb 25 2008 Steve Conklin <sconklin@redhat.com> - 0.7-12
- And again
* Mon Feb 25 2008 Steve Conklin <sconklin@redhat.com> - 0.7-11
- Messed that up, bumping
* Mon Feb 25 2008 Steve Conklin <sconklin@redhat.com> - 0.7-10
- Added upstream patch to fix ipv6 cookie alen
* Thu Feb 14 2008 Steve Conklin <sconklin@redhat.com> - 0.7-9
- rebuild for gcc4.3
* Wed Dec 19 2007 Steve Conklin <sconklin@redhat.com> - 0.7-8
- sourced krb5-devel.sh to set path
* Tue Dec 18 2007 Steve Conklin <sconklin@redhat.com> - 0.7-7
- bumped for retag
* Tue Dec 18 2007 Steve Conklin <sconklin@redhat.com> - 0.7-6
- Added a patch for context size change
- Resolves #413331 racoon dies with buffer overflow in MCS/MLS loopback
* Fri Dec 7 2007 Steve Conklin <sconklin@redhat.com> - 0.7-5
- Bump for retagging
* Fri Dec 7 2007 Steve Conklin <sconklin@redhat.com> - 0.7-4
- Rebuild for dependencies
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #456660 - CVE-2008-3651 ipsec-tools: racoon memory leak caused by invalid proposals
https://bugzilla.redhat.com/show_bug.cgi?id=456660
[ 2 ] Bug #458846 - CVE-2008-3652 ipsec-tools: racoon orphaned ph1s memory leak
https://bugzilla.redhat.com/show_bug.cgi?id=458846
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update ipsec-tools' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------