<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<tt>Oracle VM Security Advisory OVMSA-2009-0010<br>
<br>
The following updated rpms for Oracle VM 2.1 have been uploaded to the
Unbreakable Linux Network:<br>
<br>
i386:<br>
ipsec-tools-0.6.5-13.el5_3.1.i386.rpm<br>
<br>
<br>
SRPMS:<br>
<a class="moz-txt-link-freetext"
href="http://oss.oracle.com/oraclevm/server/SRPMS-updates/ipsec-tools-0.6.5-13.el5_3.1.src.rpm">http://oss.oracle.com/oraclevm/server/SRPMS-updates/ipsec-tools-0.6.5-13.el5_3.1.src.rpm</a><br>
<br>
<br>
Description of changes:<br>
<br>
</tt>
<pre>Following security fixes is released in this errata:</pre>
<tt><a linkindex="10"
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1574">CVE-2009-1574</a><br>
racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote
attackers to cause a denial of service (crash) via crafted fragmented
packets without a payload, which triggers a NULL pointer dereference.<br>
<br>
<a linkindex="11"
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1632">CVE-2009-1632</a><br>
Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote
attackers to cause a denial of service (memory consumption) via
vectors involving (1) signature verification during user
authentication with X.509 certificates, related to the
eay_check_x509sign function in src/racoon/crypto_openssl.c; and (2)
the NAT-Traversal (aka NAT-T) keepalive implementation, related to
src/racoon/nattraversal.c.<br>
<br>
<a linkindex="20"
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3651">CVE-2008-3651</a><br>
Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools
before 0.7.1 allows remote authenticated users to cause a denial of
service (memory consumption) via invalid proposals.<br>
<br>
<a linkindex="21"
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3652">CVE-2008-3652</a><br>
src/racoon/handler.c in racoon in ipsec-tools does not remove an
"orphaned ph1" (phase 1) handle when it has been initiated remotely,
which allows remote attackers to cause a denial of service (resource
consumption).</tt><br>
<tt><br>
[0.6.5-13.1]<br>
- fix nul dereference in frag code and some memory leaks (#497990)<br>
<br>
[0.6.5-13]<br>
- also do not destroy ports in ph2 (#231604)<br>
<br>
[0.6.5-12]<br>
- improved fix for cleanup of IPSEC SAs in SADB (#231604)<br>
<br>
[0.6.5-11]<br>
- fix cleanup of IPSEC SAs in SADB (#231604)<br>
- fix segfault in timer (#378551)<br>
- handle new interfaces immediately (#247301)<br>
- eliminate debug logging overhead when log level is lower (#248567)<br>
- use the adminsock_path as specified on the command line (#247294)<br>
- link only necessary libraries (#458631)<br>
- make racoon PIE executable (#210023)<br>
- fix for DoS through various memory leaks (CVE-2008-3651 #456660,<br>
CVE-2008-3652 #458846)<br>
<br>
[0.6.5-10]<br>
- use the current kernel headers instead of the private copy (#446979)<br>
<br>
[0.6.5-9]<br>
- Resolves: rhbz#435803 - update pfkeyv2.h with new #defines<br>
<br>
</tt>
</body>
</html>