Subject: pkg/32158: pkgsrc ipsec-tools vuln, can't upgrade
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: None <peter@boku.net>
List: pkgsrc-bugs
Date: 11/24/2005 14:14:00
>Number: 32158
>Category: pkg
>Synopsis: pkgsrc ipsec-tools vuln, can't upgrade
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Nov 24 14:14:00 +0000 2005
>Originator: Peter Eisch
>Release: NetBSD-2.0.2_STABLE
>Organization:
>Environment:
NetBSD buster 2.0.2_STABLE NetBSD 2.0.2_STABLE (PETER-FW) #2: Tue Aug 16 20:18:56 CDT 2005 peter@buster:/builds/netbsd-2-0/i386/obj/builds/netbsd-2-0/src/sys/arch/i386/compile/PETER-FW i386
>Description:
Current audit-packages reports:
Running /etc/security.local:
Package ipsec-tools-0.6b2 has a 1525,denial-of-service vulnerability, see http://secunia.com/advisories/17668/
But when I attempt to upgrade to a modern pkgsrc version I'm presented with:
===> ipsec-tools-0.6.3 is not available for NetBSD-2.0.2_STABLE-i386
Upon further review, I find:
...
ONLY_FOR_PLATFORM= NetBSD-[3-9].*-* Linux-2.[6-9].*-*
...
How can this be? Does this mean that I have to migrate my VPN concentrators (which otherwise perform nicely) to Linux to run on a stable OS release?
>How-To-Repeat:
Install pkgsrc/security/ipsec-tools from 0.6.3 or earlier.
>Fix:
Reload system with RedHat.