
Mandrakelinux Advisories: freeswan, ipsec-tools, php


Mandrakelinux Security Update Advisory


Package name: freeswan
Advisory ID: MDKSA-2004:070
Date: July 14th, 2004
Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1, Multi
Network Firewall 8.2


Problem Description:

Thomas Walpuski discovered a vulnerability in the X.509 handling
of super-freeswan, openswan, strongSwan, and FreeS/WAN with the
X.509 patch applied. This vulnerability allows an attacker to make
up their own Certificate Authority and use it to impersonate the
identity of a valid DN. A second hole exists in the CA checking
code that could create an endless loop in certain instances.

Mandrakesoft encourages all users who use FreeS/WAN or
super-freeswan to upgrade to the updated packages which are patched
to correct these flaws.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0590

http://lists.openswan.org/pipermail/dev/2004-June/000369.html

http://www.openswan.org/support/vuln/can-2004-0590/


Updated Packages:

Mandrakelinux 10.0:
6c597ac14ac13e281d2f685e01cfb120
10.0/RPMS/freeswan-2.04-3.1.100mdk.i586.rpm
72975d40cd986612150eca445d123c69
10.0/RPMS/super-freeswan-1.99.8-8.1.100mdk.i586.rpm
d26a97f445182fd6d37da1f0cb8b3a4a
10.0/RPMS/super-freeswan-doc-1.99.8-8.1.100mdk.i586.rpm
6428713ada795017334807aae1b8b9e1
10.0/SRPMS/freeswan-2.04-3.1.100mdk.src.rpm
0a8ea26452bf9275aca1f1b95c9997cc
10.0/SRPMS/super-freeswan-1.99.8-8.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
3ae552614dc10d672956e82cc062ef40
amd64/10.0/RPMS/freeswan-2.04-3.1.100mdk.amd64.rpm
46d4b962019ca063a938057a817a015b
amd64/10.0/RPMS/super-freeswan-1.99.8-8.1.100mdk.amd64.rpm
143b47584e409e517f2462a2311b37d8
amd64/10.0/RPMS/super-freeswan-doc-1.99.8-8.1.100mdk.amd64.rpm
6428713ada795017334807aae1b8b9e1
amd64/10.0/SRPMS/freeswan-2.04-3.1.100mdk.src.rpm
0a8ea26452bf9275aca1f1b95c9997cc
amd64/10.0/SRPMS/super-freeswan-1.99.8-8.1.100mdk.src.rpm

Corporate Server 2.1:
5b7577b574dcbb4244f08546aa45f372
corporate/2.1/RPMS/freeswan-1.98b-3.1.C21mdk.i586.rpm
9b95691493ac84ad3ddce6f10f24ea0f
corporate/2.1/SRPMS/freeswan-1.98b-3.1.C21mdk.src.rpm

Corporate Server 2.1/x86_64:
3dfdb78ce29582b6734f61c2c0973936
x86_64/corporate/2.1/RPMS/freeswan-1.98b-3.1.C21mdk.x86_64.rpm
9b95691493ac84ad3ddce6f10f24ea0f
x86_64/corporate/2.1/SRPMS/freeswan-1.98b-3.1.C21mdk.src.rpm

Mandrakelinux 9.1:
1093013e9c096abc37376c121c61c129
9.1/RPMS/freeswan-1.99-3.1.91mdk.i586.rpm
c186b6edc304f4c8543ff7acb93fbca4
9.1/SRPMS/freeswan-1.99-3.1.91mdk.src.rpm

Mandrakelinux 9.2:
193ed47d74da8b50811e2103fffef056
9.2/RPMS/freeswan-2.01-2.1.92mdk.i586.rpm
5a5c99eedc7a9df65b8d4e3d02501cfe
9.2/SRPMS/freeswan-2.01-2.1.92mdk.src.rpm

Mandrakelinux 9.2/AMD64:
45a782c82322e0f7c4377118475d5036
amd64/9.2/RPMS/freeswan-2.01-2.1.92mdk.amd64.rpm
5a5c99eedc7a9df65b8d4e3d02501cfe
amd64/9.2/SRPMS/freeswan-2.01-2.1.92mdk.src.rpm

Multi Network Firewall 8.2:
023520bddf59be203bda9eba76d29033
mnf8.2/RPMS/freeswan-1.98b-2.2.M82mdk.i586.rpm
d0d04c3d0a1842ab7cbfc8eae726113a
mnf8.2/SRPMS/freeswan-1.98b-2.2.M82mdk.src.rpm


To upgrade automatically use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandrakesoft for security. You can
obtain the GPG public key of the Mandrakelinux Security Team by
executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security linux-mandrake.com>


Mandrakelinux Security Update Advisory


Package name: ipsec-tools
Advisory ID: MDKSA-2004:069
Date: July 14th, 2004
Affected versions: 10.0


Problem Description:

A vulnerability in racoon prior to version 20040408a would allow
a remote attacker to cause a DoS (memory consumption) via an ISAKMP
packet with a large length field.
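
The check this class of bug calls for, as an added example (not racoon's code or the patch shipped in these packages): validate the ISAKMP header's Length field before anything is sized from it. The 28-byte header layout is from RFC 2408; the 65535-byte cap and the function names are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdint.h>

#define ISAKMP_HDR_LEN 28u     /* fixed ISAKMP header size (RFC 2408) */
#define ISAKMP_MAX_MSG 65535u  /* assumed local cap: one UDP datagram */

enum isakmp_len_status { LEN_OK = 0, LEN_SHORT_HDR, LEN_TOO_SMALL,
                         LEN_TOO_LARGE, LEN_TRUNCATED };

/* Read the 32-bit big-endian Length field at offset 24 of the header. */
static uint32_t isakmp_declared_len(const uint8_t *pkt)
{
    return ((uint32_t)pkt[24] << 24) | ((uint32_t)pkt[25] << 16) |
           ((uint32_t)pkt[26] << 8)  |  (uint32_t)pkt[27];
}

/*
 * Decide whether a received datagram may be processed, before any buffer
 * is allocated from the sender-controlled Length field.
 */
enum isakmp_len_status isakmp_check_length(const uint8_t *pkt, size_t received)
{
    uint32_t declared;

    if (pkt == NULL || received < ISAKMP_HDR_LEN)
        return LEN_SHORT_HDR;      /* cannot even read the header */
    declared = isakmp_declared_len(pkt);
    if (declared < ISAKMP_HDR_LEN)
        return LEN_TOO_SMALL;      /* shorter than its own header */
    if (declared > ISAKMP_MAX_MSG)
        return LEN_TOO_LARGE;      /* the large-length case in the advisory */
    if ((size_t)declared > received)
        return LEN_TRUNCATED;      /* claims more data than arrived */
    return LEN_OK;
}

/* Constructed sample: zeroed 28-byte header with a chosen Length field. */
enum isakmp_len_status isakmp_sample(uint32_t declared, size_t received)
{
    uint8_t pkt[ISAKMP_HDR_LEN] = {0};

    pkt[24] = (uint8_t)(declared >> 24);
    pkt[25] = (uint8_t)(declared >> 16);
    pkt[26] = (uint8_t)(declared >> 8);
    pkt[27] = (uint8_t)declared;
    return isakmp_check_length(pkt, received);
}
```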

Another vulnerability in racoon was discovered where, when using
RSA signatures, racoon would validate the X.509 certificate but
would not validate the signature. This can be exploited by an
attacker who sends a valid and trusted X.509 certificate and uses
any private key. Using this, they could perform a man-in-the-middle
attack and initiate an unauthorized connection. This has been fixed
in ipsec-tools 0.3.3.
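
Why certificate validation alone does not authenticate the peer, as an added example (not racoon's code): the flawed decision beside the corrected one, which also verifies the peer's signature under the public key inside the certificate. The structs, function names and key values are constructed for illustration; the keys are textbook-sized RSA with no padding and are not usable cryptography.

```c
#include <stdint.h>

/* Toy stand-ins (assumptions): a "certificate" is a CA-trusted flag plus
 * an RSA public key (n, e); a private key is (n, d). */
struct toy_cert { int ca_trusted; uint64_t n, e; };
struct toy_key  { uint64_t n, d; };

static uint64_t modpow(uint64_t base, uint64_t exp, uint64_t mod)
{
    uint64_t r = 1;
    for (base %= mod; exp; exp >>= 1) {
        if (exp & 1) r = r * base % mod;
        base = base * base % mod;
    }
    return r;
}

/* Sign the handshake hash with a private key (textbook RSA). */
uint64_t toy_sign(struct toy_key k, uint64_t hash)
{
    return modpow(hash, k.d, k.n);
}

/* Flawed logic as the advisory describes it: the certificate is validated,
 * the signature the peer sent is never examined. */
int auth_cert_only(struct toy_cert c, uint64_t hash, uint64_t sig)
{
    (void)hash; (void)sig;
    return c.ca_trusted;
}

/* Corrected logic: the signature must also verify under the public key in
 * the validated certificate, proving possession of its private key. */
int auth_cert_and_sig(struct toy_cert c, uint64_t hash, uint64_t sig)
{
    if (!c.ca_trusted)
        return 0;
    return modpow(sig, c.e, c.n) == hash % c.n;
}

/* Constructed sample values. */
const struct toy_cert PEER_CERT = { 1, 3233, 17 };  /* n = 61 * 53 */
const struct toy_key  PEER_KEY  = { 3233, 2753 };   /* matches PEER_CERT */
const struct toy_key  OTHER_KEY = { 3337, 1019 };   /* unrelated key pair */
const uint64_t HANDSHAKE_HASH = 65;
```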

The updated packages contain patches backported from 0.3.3 to
correct the problem.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0403


Updated Packages:

Mandrakelinux 10.0:
d08dd4e8cc6a05a76dc47f80d566d137
10.0/RPMS/ipsec-tools-0.2.5-0.2.100mdk.i586.rpm
a3714e12936a4ed9db1438056eab451f
10.0/RPMS/libipsec-tools0-0.2.5-0.2.100mdk.i586.rpm
f1b257c9ba3246fc613b5626d3cd4c0e
10.0/SRPMS/ipsec-tools-0.2.5-0.2.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
8b2e591752ca3993bf7d9990663740a4
amd64/10.0/RPMS/ipsec-tools-0.2.5-0.2.100mdk.amd64.rpm
7a02dfbed6e643882cd869035b6054d8
amd64/10.0/RPMS/lib64ipsec-tools0-0.2.5-0.2.100mdk.amd64.rpm
f1b257c9ba3246fc613b5626d3cd4c0e
amd64/10.0/SRPMS/ipsec-tools-0.2.5-0.2.100mdk.src.rpm




Mandrakelinux Security Update Advisory


Package name: php
Advisory ID: MDKSA-2004:068
Date: July 14th, 2004
Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1, Multi
Network Firewall 8.2


Problem Description:

Stefan Esser discovered a remotely exploitable vulnerability in
PHP where a remote attacker could trigger a memory_limit request
termination in places where an interruption is unsafe. This could
be used to execute arbitrary code.

Stefan Esser also found a vulnerability in the handling
of allowed tags within PHP's strip_tags() function. This could lead
to a number of XSS issues on sites that rely on strip_tags();
however, this only seems to affect the Internet Explorer and Safari
browsers.

The updated packages have been patched to correct the problem
and all users are encouraged to upgrade immediately.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0594

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0595

http://security.e-matters.de/advisories/112004.html

http://security.e-matters.de/advisories/122004.html


Updated Packages:

Mandrakelinux 10.0:
62cdddfba4a6efda574d9a7fbade926a
10.0/RPMS/libphp_common432-4.3.4-4.1.100mdk.i586.rpm
c71dc50bc4db1eef210dcdb17bfefb84
10.0/RPMS/php-cgi-4.3.4-4.1.100mdk.i586.rpm
41ec866b7f9017e5e9697f758d96b7dd
10.0/RPMS/php-cli-4.3.4-4.1.100mdk.i586.rpm
6cf53b4acfaf964f2ad27c26c7522850
10.0/RPMS/php432-devel-4.3.4-4.1.100mdk.i586.rpm
805c5ba7b90fd4e53fc09b46d2e4c00c
10.0/SRPMS/php-4.3.4-4.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
8f7909d54dca79d0778754a78447c378
amd64/10.0/RPMS/lib64php_common432-4.3.4-4.1.100mdk.amd64.rpm
378466839541330d72df496acc9cd9da
amd64/10.0/RPMS/php-cgi-4.3.4-4.1.100mdk.amd64.rpm
3e6b698ba65fd6acb035d97f7c872c79
amd64/10.0/RPMS/php-cli-4.3.4-4.1.100mdk.amd64.rpm
62693eda687695449ff61aee7af8b844
amd64/10.0/RPMS/php432-devel-4.3.4-4.1.100mdk.amd64.rpm
805c5ba7b90fd4e53fc09b46d2e4c00c
amd64/10.0/SRPMS/php-4.3.4-4.1.100mdk.src.rpm

Corporate Server 2.1:
e1326fedc5957661efd6eec69c4e66cf
corporate/2.1/RPMS/php-4.2.3-4.2.C21mdk.i586.rpm
31337953ddfec7c379c8bcad70e97f7f
corporate/2.1/RPMS/php-common-4.2.3-4.2.C21mdk.i586.rpm
346f004bb741c5d3a279d495eadc61c5
corporate/2.1/RPMS/php-devel-4.2.3-4.2.C21mdk.i586.rpm
91ef39ceeb256c72f449ebd2f73fdc3a
corporate/2.1/RPMS/php-pear-4.2.3-4.2.C21mdk.i586.rpm
06a1c08156a866f9b78e1949df881425
corporate/2.1/SRPMS/php-4.2.3-4.2.C21mdk.src.rpm

Corporate Server 2.1/x86_64:
da53a0003ad75379dd473ca297c9b4f0
x86_64/corporate/2.1/RPMS/php-4.2.3-4.2.C21mdk.x86_64.rpm
190da4dbf19fd83c3e8b2db3ebe7e186
x86_64/corporate/2.1/RPMS/php-common-4.2.3-4.2.C21mdk.x86_64.rpm

7c32a33ced47f7feaf47f801718b6d8d
x86_64/corporate/2.1/RPMS/php-devel-4.2.3-4.2.C21mdk.x86_64.rpm
0a747e5e17d82642f77cdfee44afe201
x86_64/corporate/2.1/RPMS/php-pear-4.2.3-4.2.C21mdk.x86_64.rpm
06a1c08156a866f9b78e1949df881425
x86_64/corporate/2.1/SRPMS/php-4.2.3-4.2.C21mdk.src.rpm

Mandrakelinux 9.1:
53e9be87d1e87c11384c78e656fb045b
9.1/RPMS/libphp_common430-430-11.2.91mdk.i586.rpm
d726c6e61503ace236d41e96dd2aacc4
9.1/RPMS/php-cgi-4.3.1-11.2.91mdk.i586.rpm
c0f0638a6977b0747b9cef6421f0baa2
9.1/RPMS/php-cli-4.3.1-11.2.91mdk.i586.rpm
846433aa57319fcf5ab760bb784c7f60
9.1/RPMS/php430-devel-430-11.2.91mdk.i586.rpm
68d0872d095bdb4976541debcdaa11d7
9.1/SRPMS/php-4.3.1-11.2.91mdk.src.rpm

Mandrakelinux 9.1/PPC:
929514cf49ddeb4ac321b20ffa6fdb49
ppc/9.1/RPMS/libphp_common430-430-11.2.91mdk.ppc.rpm
429cafb67ce1e36012eabad5c46d0a26
ppc/9.1/RPMS/php-cgi-4.3.1-11.2.91mdk.ppc.rpm
0bab7923e30ccaf668a04b41925adc0b
ppc/9.1/RPMS/php-cli-4.3.1-11.2.91mdk.ppc.rpm
af5f2be485dad26cb88103f3373a8188
ppc/9.1/RPMS/php430-devel-430-11.2.91mdk.ppc.rpm
68d0872d095bdb4976541debcdaa11d7
ppc/9.1/SRPMS/php-4.3.1-11.2.91mdk.src.rpm

Mandrakelinux 9.2:
f731f578cdb9d458c4880a48f20c0027
9.2/RPMS/libphp_common432-4.3.3-2.1.92mdk.i586.rpm
732ba08087b14490c057a9454c6b706d
9.2/RPMS/php-cgi-4.3.3-2.1.92mdk.i586.rpm
d7aeca9053611e06ddeeb374ebc38fd5
9.2/RPMS/php-cli-4.3.3-2.1.92mdk.i586.rpm
dfdbda0df15baea7861646b4c42eb1d2
9.2/RPMS/php432-devel-4.3.3-2.1.92mdk.i586.rpm
8495c4332df4f8262d3f0b9b2b781739
9.2/SRPMS/php-4.3.3-2.1.92mdk.src.rpm

Mandrakelinux 9.2/AMD64:
7440678e5a938931b88953232c5c2a46
amd64/9.2/RPMS/lib64php_common432-4.3.3-2.1.92mdk.amd64.rpm
4375a9c46be6b1ef103959253b469035
amd64/9.2/RPMS/php-cgi-4.3.3-2.1.92mdk.amd64.rpm
3cd4c385732e3b31b9f20fa93b6a7ee5
amd64/9.2/RPMS/php-cli-4.3.3-2.1.92mdk.amd64.rpm
dbf7471c02799c02a32e46a727ee87f3
amd64/9.2/RPMS/php432-devel-4.3.3-2.1.92mdk.amd64.rpm
8495c4332df4f8262d3f0b9b2b781739
amd64/9.2/SRPMS/php-4.3.3-2.1.92mdk.src.rpm

Multi Network Firewall 8.2:
f91aac5bc43fa5c79317b8dd2d6fbfb2
mnf8.2/RPMS/php-common-4.1.2-1.3.M82mdk.i586.rpm
9805edbc685f9418c54e9ea20f968b15
mnf8.2/SRPMS/php-4.1.2-1.3.M82mdk.src.rpm

