diff options
| author | Yves-Alexis Perez <corsac@debian.org> | 2013-10-31 13:53:05 +0100 |
|---|---|---|
| committer | Yves-Alexis Perez <corsac@debian.org> | 2013-10-31 14:08:29 +0100 |
| commit | ed9aafdb1736fd76fce97abe65eb693baa6b78e5 (patch) | |
| tree | d2d002cde7c7b2e70392aad1b4d238dd5af7d7ce | |
| parent | f062a22a7324de6096c775d4ab8941c168bc4c00 (diff) | |
| download | vyos-strongswan-ed9aafdb1736fd76fce97abe65eb693baa6b78e5.tar.gz vyos-strongswan-ed9aafdb1736fd76fce97abe65eb693baa6b78e5.zip | |
add patch for CVE-2013-6076
fix remote denial of service when using IKEv1
| -rw-r--r-- | debian/changelog | 3 | ||||
| -rw-r--r-- | debian/patches/CVE-2013-6076.patch | 27 | ||||
| -rw-r--r-- | debian/patches/series | 1 |
3 files changed, 30 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog index 20837542b..b55aaa63a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,9 +1,10 @@ strongswan (5.1.0-3) UNRELEASED; urgency=high - * urgency=high for the security fix. + * urgency=high for the security fixes. * debian/patches - CVE-2013-6075 added, fix remote denial of service and authorization bypass. + - CVE-2013-6076 added, fix remote denial of service in IKEv1 code. -- Yves-Alexis Perez <corsac@debian.org> Thu, 24 Oct 2013 23:22:58 +0200 diff --git a/debian/patches/CVE-2013-6076.patch b/debian/patches/CVE-2013-6076.patch new file mode 100644 index 000000000..51f0ae37d --- /dev/null +++ b/debian/patches/CVE-2013-6076.patch @@ -0,0 +1,27 @@ +From d8867a8452eece3fffab29605f48e6bed47c42d4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Volker=20R=C3=BCmelin?= <vr_strongswan@t-online.de> +Date: Fri, 11 Oct 2013 09:38:24 +0200 +Subject: [PATCH] ikev1: Properly initialize list of fragments in case fragment + ID is 0 + +Fixes CVE-2013-6076. +--- + src/libcharon/sa/ikev1/task_manager_v1.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c +index 6d4ef14..597416e 100644 +--- a/src/libcharon/sa/ikev1/task_manager_v1.c ++++ b/src/libcharon/sa/ikev1/task_manager_v1.c +@@ -1273,7 +1273,7 @@ static status_t handle_fragment(private_task_manager_t *this, message_t *msg) + return FAILED; + } + +- if (this->frag.id != payload->get_id(payload)) ++ if (!this->frag.list || this->frag.id != payload->get_id(payload)) + { + clear_fragments(this, payload->get_id(payload)); + this->frag.list = linked_list_create(); +-- +1.8.1.2 + diff --git a/debian/patches/series b/debian/patches/series index 3db0e29a8..fadf557e2 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,2 +1,3 @@ 01_fix-manpages.patch CVE-2013-6075.patch +CVE-2013-6076.patch |