Advisories » MGASA-2015-0243

Updated ipsec-tools packages fix CVE-2015-4047

Publication date: 08 Jun 2015
Modification date: 08 Jun 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-4047

Description

Updated ipsec-tools packages fix security vulnerability:

Javantea discovered a NULL pointer dereference flaw in racoon, the Internet Key
Exchange daemon of ipsec-tools. A remote attacker can use this flaw to cause
the IKE daemon to crash via specially crafted UDP packets, resulting in a
denial of service (CVE-2015-4047).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=16042
• https://www.debian.org/security/2015/dsa-3272
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4047

SRPMS

4/core

• ipsec-tools-0.8.1-2.1.mga4