-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : ipsec-tools Version : 1:0.8.0-14+deb7u1 CVE ID : CVE-2016-10396 Debian Bug : 867986
The racoon daemon in IPsec-Tools 0.8.2 and earlier contains a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments. The implementation permits a remote attacker to exhaust computational resources on the remote endpoint by repeatedly sending ISAKMP fragment packets in a particular order such that the worst-case computational complexity is realized in the algorithm utilized to determine if reassembly of the fragments can take place. For Debian 7 "Wheezy", these problems have been fixed in version 1:0.8.0-14+deb7u2. We recommend that you upgrade your ipsec-tools packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEpNGebtPBMx7yU+olHNjYVP5CUsEFAll9X5cACgkQHNjYVP5C UsEypg//RloHMDufkX1hfHHs32dOH6zyzbfOCd4OZl1RRfx1JMdx8ZCYBvctTdya IfOtHgnItTdNes2WK2Qq4gsiBxSVw5zuVr6Oqy3DFKlcPdCntYf5lM5UecC0g2we MYwpKoEXraN6slDOyTQktzVhOzu3BYRJLpeCfhRJeFROhnlvhSE+PPQ8vFM2kSOn KBSMjKFdH6IS7EnY3r2SN4nlbGnV7NvUt7FB8I7eofQPVCU362nAkTAhNUOvmMkV efVDFvYv4Wm2FU8WlJ0HDOQWUbYtELVDUothbK4TJNa1WokcFif9lsLxOrUAF/94 I3zRarFSo3i6mkvFctytAh2/kidV0UEi+xkcOA5CA4cbsX+Fqt5a6WwrPe52pEFc HmVBnvWngXYctLyVOEpEcCljdZt0ldnMtAQyfDFpjh67lRiMRvCMQjpObLisZP8G c4nozFQRRBW+s94+tFjcKy4nQ+Jcjb+qUlc3HrM5M5qJlZYew3n9LqixcANRyYnR m6POz2ysTBQADKFtg7+HjJKBxzeAtfUy9qezE/1yLUTdzW4sSK9+FAB3VIjlhaCB 6+qsB3u/w7DeCSQjdpB2yxIR3YnqsRcaePh+7KEQRN8CCxZX2hb6Pjka0GJgjoPq lB8rD3lUKQ2DaDQBNUcIM8FjGJc/jNSeUXelBuR5shDovcNmYxU= =qQgW -----END PGP SIGNATURE-----
