oss-sec mailing list archives
CVE id request: strongswan
From: Nico Golde <oss-security+ml () ngolde de>
Date: Sun, 21 Jun 2009 19:25:25 +0200
Hi,
the latest release fixes two new denial of service issues.

From the changelog:
- Applying their fuzzing tool, the Orange Labs vulnerability research team
  found another two DoS vulnerabilities, one in the rather old ASN.1 parser
  of Relative Distinguished Names (RDNs) and a second one in the conversion
  of ASN.1 UTCTIME and GENERALIZEDTIME strings to a time_t value. Malformed
  X.509 certificate RDNs or timestamps can cause the pluto IKE daemon to
  crash and restart.

Debian bug:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=533837

Upstream patches:
http://download.strongswan.org/patches/05_asn1_rdn_patch/
http://download.strongswan.org/patches/06_asn1_time_patch/

Can I get two CVE ids for this please?

Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
Current thread:
- CVE id request: strongswan Nico Golde (Jun 21)
- Re: CVE id request: strongswan Steven M. Christey (Jun 24)