diff options
-rw-r--r-- | debian/changelog | 10 | ||||
-rw-r--r-- | debian/patches/CVE-2013-6075.patch | 27 | ||||
-rw-r--r-- | debian/patches/CVE-2013-6076.patch | 27 | ||||
-rw-r--r-- | debian/patches/series | 2 |
4 files changed, 66 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index d253808b2..ba7f8a9fd 100644 --- a/debian/changelog +++ b/debian/changelog @@ -38,6 +38,16 @@ strongswan (5.1.1-1) UNRELEASED; urgency=low -- Romain Francoise <rfrancoise@debian.org> Tue, 29 Oct 2013 20:01:37 +0100 +strongswan (5.1.0-3) unstable; urgency=high + + * urgency=high for the security fixes. + * debian/patches + - CVE-2013-6075 added, fix remote denial of service and authorization + bypass. + - CVE-2013-6076 added, fix remote denial of service in IKEv1 code. + + -- Yves-Alexis Perez <corsac@debian.org> Tue, 29 Oct 2013 21:07:04 +0100 + strongswan (5.1.0-2) unstable; urgency=medium * urgency=medium since we already spent 16 days in unstable and the fix is diff --git a/debian/patches/CVE-2013-6075.patch b/debian/patches/CVE-2013-6075.patch new file mode 100644 index 000000000..d50616a60 --- /dev/null +++ b/debian/patches/CVE-2013-6075.patch @@ -0,0 +1,27 @@ +From aa277adfc204b6bda2c3792710138f9a8723a8f1 Mon Sep 17 00:00:00 2001 +From: Martin Willi <martin@revosec.ch> +Date: Mon, 7 Oct 2013 14:21:57 +0200 +Subject: [PATCH] identification: Properly check length before comparing for + binary DN equality + +Fixes CVE-2013-6075. +--- + src/libstrongswan/utils/identification.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c +index 5df3e5f..9c43ad5 100644 +--- a/src/libstrongswan/utils/identification.c ++++ b/src/libstrongswan/utils/identification.c +@@ -602,7 +602,7 @@ static bool compare_dn(chunk_t t_dn, chunk_t o_dn, int *wc) + } + } + /* try a binary compare */ +- if (memeq(t_dn.ptr, o_dn.ptr, t_dn.len)) ++ if (chunk_equals(t_dn, o_dn)) + { + return TRUE; + } +-- +1.8.1.2 + diff --git a/debian/patches/CVE-2013-6076.patch b/debian/patches/CVE-2013-6076.patch new file mode 100644 index 000000000..51f0ae37d --- /dev/null +++ b/debian/patches/CVE-2013-6076.patch @@ -0,0 +1,27 @@ +From d8867a8452eece3fffab29605f48e6bed47c42d4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Volker=20R=C3=BCmelin?= <vr_strongswan@t-online.de> +Date: Fri, 11 Oct 2013 09:38:24 +0200 +Subject: [PATCH] ikev1: Properly initialize list of fragments in case fragment + ID is 0 + +Fixes CVE-2013-6076. +--- + src/libcharon/sa/ikev1/task_manager_v1.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c +index 6d4ef14..597416e 100644 +--- a/src/libcharon/sa/ikev1/task_manager_v1.c ++++ b/src/libcharon/sa/ikev1/task_manager_v1.c +@@ -1273,7 +1273,7 @@ static status_t handle_fragment(private_task_manager_t *this, message_t *msg) + return FAILED; + } + +- if (this->frag.id != payload->get_id(payload)) ++ if (!this->frag.list || this->frag.id != payload->get_id(payload)) + { + clear_fragments(this, payload->get_id(payload)); + this->frag.list = linked_list_create(); +-- +1.8.1.2 + diff --git a/debian/patches/series b/debian/patches/series index 2cf256b6c..fadf557e2 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1 +1,3 @@ 01_fix-manpages.patch +CVE-2013-6075.patch +CVE-2013-6076.patch |