[IPCop-devel] CVE-2009-0790 - Openswan remote denial of service

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi

All versions of Openswan appear to be vulnerable to a remote
denial of service, where a packet from a remote attacker can
cause the pluto IKE daemon to crash and restart:
	http://seclists.org/bugtraq/2009/Mar/0263.html

--------
This bug affects the following software releases:

Current branches:

Openswan-2.6.20 and earlier
Strongswan-4.2.13 and earlier

Maintenance mode branches:

Openswan-2.4.13 and earlier
Strongswan-2.8.8 and earlier

End of Life branches:

Superfreeswan-1.9x
Openswan-1.x
Openswan-2.0.x - 2.3.1
Openswan-2.5.x

Everyone is strongly encouraged to upgrade to these minimum versions:

openswan-2.6.21
strongswan-4.2.14

openswan-2.4.14
strongswan-2.8.9

If you cannot upgrade to a new version, please apply the appropriate
patch as listed at http://www.openswan.org/CVE-2009-0790/ 
--------

-- 
#---------------------------------------------------------#
|    John Edwards   Email: jo...@co...    |
#---------------------------------------------------------#

[IPCop-devel] CVE-2009-0790 - Openswan remote denial of service

Linux firewall distribution geared towards home and SOHO users.

[IPCop-devel] CVE-2009-0790 - Openswan remote denial of service