Package : ipsec-tools Vulnerability : missing input sanitising Problem-Type : remote Debian-specific: no CVE ID : CVE-2007-2524
It was discovered that a specially-crafted packet sent to the racoon ipsec key exchange server could cause a tunnel to crash, resulting in a denial of service.
The oldstable distribution (sarge) isn't affected by this problem.
For the stable distribution (etch) this problem has been fixed in version 1:0.6.6-3.1.
The unstable distribution (sid) will be fixed soon.
We recommend that you upgrade your racoon package.
Upgrade Instructions - ---------------------
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch - --------------------------------