Issued:
2008-08-26
Updated:
2008-08-26

RHSA-2008:0849 - Security Advisory

Synopsis

Important: ipsec-tools security update

Type/Severity

Security Advisory: Important

Topic

An updated ipsec-tools package that fixes two security issues is now
available for Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

The ipsec-tools package is used in conjunction with the IPsec functionality
in the Linux kernel and includes racoon, an IKEv1 keying daemon.

Two denial of service flaws were found in the ipsec-tools racoon daemon. It
was possible for a remote attacker to cause the racoon daemon to consume
all available memory. (CVE-2008-3651, CVE-2008-3652)

Users of ipsec-tools should upgrade to this updated package, which contains
backported patches that resolve these issues.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Server 3 x86_64
  • Red Hat Enterprise Linux Server 3 ia64
  • Red Hat Enterprise Linux Server 3 i386
  • Red Hat Enterprise Linux Server - Extended Update Support 5.2 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support 5.2 ia64
  • Red Hat Enterprise Linux Server - Extended Update Support 5.2 i386
  • Red Hat Enterprise Linux Server - Extended Update Support 4.7 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support 4.7 ia64
  • Red Hat Enterprise Linux Server - Extended Update Support 4.7 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Workstation 3 x86_64
  • Red Hat Enterprise Linux Workstation 3 ia64
  • Red Hat Enterprise Linux Workstation 3 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux Desktop 3 x86_64
  • Red Hat Enterprise Linux Desktop 3 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for IBM z Systems 3 s390x
  • Red Hat Enterprise Linux for IBM z Systems 3 s390
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.2 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7 s390
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux for Power, big endian 4 ppc
  • Red Hat Enterprise Linux for Power, big endian 3 ppc
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.2 ppc
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.7 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 456660 - CVE-2008-3651 ipsec-tools: racoon memory leak caused by invalid proposals
  • BZ - 458846 - CVE-2008-3652 ipsec-tools: racoon orphaned ph1s memory leak

CVEs

References

Red Hat Enterprise Linux Server 5

SRPM
ipsec-tools-0.6.5-9.el5_2.3.src.rpm SHA-256: 0f6461a7b3f04662326889a01b2d7ea97910da35847e9d4f17e2a3aa0f8aaffe
x86_64
ipsec-tools-0.6.5-9.el5_2.3.x86_64.rpm SHA-256: cb5c89961b47912c94aaa8fc1d1f13eaabb9892e52e50885d90f3a1856db1235
ia64
ipsec-tools-0.6.5-9.el5_2.3.ia64.rpm SHA-256: 7b14aedc55a68cfb53d28d5b00234560da6221b469694ad71e7af36471ea3db3
i386
ipsec-tools-0.6.5-9.el5_2.3.i386.rpm SHA-256: 2de9e61fa18fbca58a10c981eb725afefb8cb077062bb6653c31ef75bd429c3c

Red Hat Enterprise Linux Server 4

SRPM
ipsec-tools-0.3.3-7.el4_7.src.rpm SHA-256: 6a6681b0ac0e4c87af8f222ab264c146d11b9ee27200fd5a8343f58257f76b9a
x86_64
ipsec-tools-0.3.3-7.el4_7.x86_64.rpm SHA-256: 2533c1239b69e05d4e5937a0dd13cbb38b21e4ae5e23fb8a426bec1b3751e146
ipsec-tools-0.3.3-7.el4_7.x86_64.rpm SHA-256: 2533c1239b69e05d4e5937a0dd13cbb38b21e4ae5e23fb8a426bec1b3751e146
ia64
ipsec-tools-0.3.3-7.el4_7.ia64.rpm SHA-256: 196895c39d050df91d35902c6199394556fa853494b9727fcf7d7d96aeb3397a
ipsec-tools-0.3.3-7.el4_7.ia64.rpm SHA-256: 196895c39d050df91d35902c6199394556fa853494b9727fcf7d7d96aeb3397a
i386
ipsec-tools-0.3.3-7.el4_7.i386.rpm SHA-256: a89550dd07e253625dbca84b6bb817b2707cb5c65b00383165e504f4942c3d48
ipsec-tools-0.3.3-7.el4_7.i386.rpm SHA-256: a89550dd07e253625dbca84b6bb817b2707cb5c65b00383165e504f4942c3d48

Red Hat Enterprise Linux Server - Extended Update Support 4.7

SRPM
ipsec-tools-0.3.3-7.el4_7.src.rpm SHA-256: 6a6681b0ac0e4c87af8f222ab264c146d11b9ee27200fd5a8343f58257f76b9a
x86_64
ipsec-tools-0.3.3-7.el4_7.x86_64.rpm SHA-256: 2533c1239b69e05d4e5937a0dd13cbb38b21e4ae5e23fb8a426bec1b3751e146
ipsec-tools-0.3.3-7.el4_7.x86_64.rpm SHA-256: 2533c1239b69e05d4e5937a0dd13cbb38b21e4ae5e23fb8a426bec1b3751e146
ia64
ipsec-tools-0.3.3-7.el4_7.ia64.rpm SHA-256: 196895c39d050df91d35902c6199394556fa853494b9727fcf7d7d96aeb3397a
ipsec-tools-0.3.3-7.el4_7.ia64.rpm SHA-256: 196895c39d050df91d35902c6199394556fa853494b9727fcf7d7d96aeb3397a
i386
ipsec-tools-0.3.3-7.el4_7.i386.rpm SHA-256: a89550dd07e253625dbca84b6bb817b2707cb5c65b00383165e504f4942c3d48
ipsec-tools-0.3.3-7.el4_7.i386.rpm SHA-256: a89550dd07e253625dbca84b6bb817b2707cb5c65b00383165e504f4942c3d48

Red Hat Enterprise Linux Workstation 5

SRPM
ipsec-tools-0.6.5-9.el5_2.3.src.rpm SHA-256: 0f6461a7b3f04662326889a01b2d7ea97910da35847e9d4f17e2a3aa0f8aaffe
x86_64
ipsec-tools-0.6.5-9.el5_2.3.x86_64.rpm SHA-256: cb5c89961b47912c94aaa8fc1d1f13eaabb9892e52e50885d90f3a1856db1235
i386
ipsec-tools-0.6.5-9.el5_2.3.i386.rpm SHA-256: 2de9e61fa18fbca58a10c981eb725afefb8cb077062bb6653c31ef75bd429c3c

Red Hat Enterprise Linux Workstation 4

SRPM
ipsec-tools-0.3.3-7.el4_7.src.rpm SHA-256: 6a6681b0ac0e4c87af8f222ab264c146d11b9ee27200fd5a8343f58257f76b9a
x86_64
ipsec-tools-0.3.3-7.el4_7.x86_64.rpm SHA-256: 2533c1239b69e05d4e5937a0dd13cbb38b21e4ae5e23fb8a426bec1b3751e146
ia64
ipsec-tools-0.3.3-7.el4_7.ia64.rpm SHA-256: 196895c39d050df91d35902c6199394556fa853494b9727fcf7d7d96aeb3397a
i386
ipsec-tools-0.3.3-7.el4_7.i386.rpm SHA-256: a89550dd07e253625dbca84b6bb817b2707cb5c65b00383165e504f4942c3d48

Red Hat Enterprise Linux Desktop 5

SRPM
ipsec-tools-0.6.5-9.el5_2.3.src.rpm SHA-256: 0f6461a7b3f04662326889a01b2d7ea97910da35847e9d4f17e2a3aa0f8aaffe
x86_64
ipsec-tools-0.6.5-9.el5_2.3.x86_64.rpm SHA-256: cb5c89961b47912c94aaa8fc1d1f13eaabb9892e52e50885d90f3a1856db1235
i386
ipsec-tools-0.6.5-9.el5_2.3.i386.rpm SHA-256: 2de9e61fa18fbca58a10c981eb725afefb8cb077062bb6653c31ef75bd429c3c

Red Hat Enterprise Linux Desktop 4

SRPM
ipsec-tools-0.3.3-7.el4_7.src.rpm SHA-256: 6a6681b0ac0e4c87af8f222ab264c146d11b9ee27200fd5a8343f58257f76b9a
x86_64
ipsec-tools-0.3.3-7.el4_7.x86_64.rpm SHA-256: 2533c1239b69e05d4e5937a0dd13cbb38b21e4ae5e23fb8a426bec1b3751e146
i386
ipsec-tools-0.3.3-7.el4_7.i386.rpm SHA-256: a89550dd07e253625dbca84b6bb817b2707cb5c65b00383165e504f4942c3d48

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
ipsec-tools-0.6.5-9.el5_2.3.src.rpm SHA-256: 0f6461a7b3f04662326889a01b2d7ea97910da35847e9d4f17e2a3aa0f8aaffe
s390x
ipsec-tools-0.6.5-9.el5_2.3.s390x.rpm SHA-256: eaba9900f5996b8ab5c9487127be2671d1c2f1e87b963ac583040184a27d25db

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
ipsec-tools-0.3.3-7.el4_7.src.rpm SHA-256: 6a6681b0ac0e4c87af8f222ab264c146d11b9ee27200fd5a8343f58257f76b9a
s390x
ipsec-tools-0.3.3-7.el4_7.s390x.rpm SHA-256: c5086752fad362936bf4aaa4b5591f7e7c88601be09f8a7072d6cac7ba3dd92e
s390
ipsec-tools-0.3.3-7.el4_7.s390.rpm SHA-256: 766d335e50f9055450c67527018c1637f3f61be6f569e7e678bd4e7e13334a99

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7

SRPM
ipsec-tools-0.3.3-7.el4_7.src.rpm SHA-256: 6a6681b0ac0e4c87af8f222ab264c146d11b9ee27200fd5a8343f58257f76b9a
s390x
ipsec-tools-0.3.3-7.el4_7.s390x.rpm SHA-256: c5086752fad362936bf4aaa4b5591f7e7c88601be09f8a7072d6cac7ba3dd92e
s390
ipsec-tools-0.3.3-7.el4_7.s390.rpm SHA-256: 766d335e50f9055450c67527018c1637f3f61be6f569e7e678bd4e7e13334a99

Red Hat Enterprise Linux for Power, big endian 5

SRPM
ipsec-tools-0.6.5-9.el5_2.3.src.rpm SHA-256: 0f6461a7b3f04662326889a01b2d7ea97910da35847e9d4f17e2a3aa0f8aaffe
ppc
ipsec-tools-0.6.5-9.el5_2.3.ppc.rpm SHA-256: 925739a8fec18b24a995cdde722adbf425f54269dd2ce4404debb6b2e3ee00dd

Red Hat Enterprise Linux for Power, big endian 4

SRPM
ipsec-tools-0.3.3-7.el4_7.src.rpm SHA-256: 6a6681b0ac0e4c87af8f222ab264c146d11b9ee27200fd5a8343f58257f76b9a
ppc
ipsec-tools-0.3.3-7.el4_7.ppc.rpm SHA-256: 8d3734fd4580604a4f93fb57cca9a65fb70c695250bd92a7797e9a67afbc2736

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.7

SRPM
ipsec-tools-0.3.3-7.el4_7.src.rpm SHA-256: 6a6681b0ac0e4c87af8f222ab264c146d11b9ee27200fd5a8343f58257f76b9a
ppc
ipsec-tools-0.3.3-7.el4_7.ppc.rpm SHA-256: 8d3734fd4580604a4f93fb57cca9a65fb70c695250bd92a7797e9a67afbc2736

Red Hat Enterprise Linux Server from RHUI 5

SRPM
ipsec-tools-0.6.5-9.el5_2.3.src.rpm SHA-256: 0f6461a7b3f04662326889a01b2d7ea97910da35847e9d4f17e2a3aa0f8aaffe
x86_64
ipsec-tools-0.6.5-9.el5_2.3.x86_64.rpm SHA-256: cb5c89961b47912c94aaa8fc1d1f13eaabb9892e52e50885d90f3a1856db1235
i386
ipsec-tools-0.6.5-9.el5_2.3.i386.rpm SHA-256: 2de9e61fa18fbca58a10c981eb725afefb8cb077062bb6653c31ef75bd429c3c

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.