Hello community, here is the log from the commit of package ipsec-tools checked in at Thu Apr 12 17:43:23 CEST 2007. -------- --- ipsec-tools/ipsec-tools.changes 2007-03-29 16:12:12.000000000 +0200 +++ /mounts/work_src_done/STABLE/ipsec-tools/ipsec-tools.changes 2007-04-12 11:41:25.000000000 +0200 @@ -1,0 +2,5 @@ +Thu Apr 12 11:36:01 CEST 2007 - jbohac@jikos.cz + +- Fix a DoS in isakmp_info_recv (CVE-2007-1841, 260791) + +------------------------------------------------------------------- New: ---- fix-DoS.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ipsec-tools.spec ++++++ --- /var/tmp/diff_new_pack.p16820/_old 2007-04-12 17:37:58.000000000 +0200 +++ /var/tmp/diff_new_pack.p16820/_new 2007-04-12 17:37:58.000000000 +0200 @@ -13,7 +13,7 @@ Name: ipsec-tools BuildRequires: bison flex kernel-source krb5-devel openssl-devel pam pam-devel readline-devel Version: 0.6.5 -Release: 51 +Release: 54 License: BSD License and BSD-like Group: Productivity/Networking/Security Provides: racoon @@ -26,6 +26,7 @@ Patch2: gssapi-strict-aliasing.patch Patch3: racoon.conf_macros.patch Patch4: gssapi-fix.patch +Patch5: fix-DoS.patch Source1: racoon.init Source2: sysconfig.racoon Source3: setkey.conf.sample @@ -63,6 +64,7 @@ %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p0 %build %{suse_update_config -f . src/racoon} @@ -146,6 +148,8 @@ %{_mandir}/man*/* %changelog +* Thu Apr 12 2007 - jbohac@jikos.cz +- Fix a DoS in isakmp_info_recv (CVE-2007-1841, 260791) * Thu Mar 29 2007 - aj@suse.de - Add flex and bison to BuildRequires. * Thu May 04 2006 - jbohac@suse.cz ++++++ fix-DoS.patch ++++++ Fix a DoS in isakmp_info_recv. CVE-2007-1841 Bug #260791 Index: src/racoon/isakmp_inf.c =================================================================== RCS file: /cvsroot/ipsec-tools/ipsec-tools/src/racoon/isakmp_inf.c,v retrieving revision 1.14.4.9 diff -u -p -r1.14.4.9 isakmp_inf.c --- src/racoon/isakmp_inf.c 2 Aug 2005 15:09:26 -0000 1.14.4.9 +++ src/racoon/isakmp_inf.c 2 Apr 2007 12:52:07 -0000 @@ -267,12 +267,12 @@ isakmp_info_recv(iph1, msg0) switch (np) { case ISAKMP_NPTYPE_N: - if (isakmp_info_recv_n(iph1, msg) < 0) - goto end; + if ( encrypted ) + isakmp_info_recv_n(iph1, msg); break; case ISAKMP_NPTYPE_D: - if (isakmp_info_recv_d(iph1, msg) < 0) - goto end; + if ( encrypted ) + isakmp_info_recv_d(iph1, msg); break; case ISAKMP_NPTYPE_NONCE: /* XXX to be 6.4.2 ike-01.txt */ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org