It's Borg Bug Day, and this week Cisco's issued patches of interest to users of its Adaptive Security Appliances ASAs .
The two newly-announced bugs are CVE-2016-1379, a VPN block memory exhaustion vulnerability; and CVE-2016-1385, a problem with the ASA XML parser.
The software has a bug in how it handles ICMP errors in IPsec packets, and crafted packets sent either through LAN-to-LAN or remote access VPN tunnels can deplete available memory .
That results in a denial-of-service, either because the system becomes unstable or it stops forwarding traffic.
The software is vulnerable if the user's using IKEv1 or IKEv2 for LAN-to-LAN VPNs, or remote access VPNs using Layer 2 Tunnelling Protocol and Ipsec; and if the system is validating ICMP errors.
The XML parser vulnerability is less serious, because it can only be exploited by an authenticated user.