From: John E. <jo...@co...> - 2009-03-31 06:58:02

Hi

All versions of Openswan appear to be vulnerable to a remote denial of service, where a packet from a remote attacker can cause the pluto IKE daemon to crash and restart:

http://seclists.org/bugtraq/2009/Mar/0263.html

--------

This bug affects the following software releases:

Current branches:
  Openswan-2.6.20 and earlier
  Strongswan-4.2.13 and earlier

Maintenance mode branches:
  Openswan-2.4.13 and earlier
  Strongswan-2.8.8 and earlier

End of Life branches:
  Superfreeswan-1.9x
  Openswan-1.x
  Openswan-2.0.x - 2.3.1
  Openswan-2.5.x

Everyone is strongly encouraged to upgrade to these minimum versions:

  openswan-2.6.21
  strongswan-4.2.14
  openswan-2.4.14
  strongswan-2.8.9

If you cannot upgrade to a new version, please apply the appropriate patch as listed at http://www.openswan.org/CVE-2009-0790/

--------

--
#---------------------------------------------------------#
| John Edwards Email: jo...@co... |
#---------------------------------------------------------#