It's Borg Bug Day, and this week Cisco's issued patches of interest to users of its Adaptive Security Appliances ASAs .

The two newly-announced bugs are CVE-2016-1379, a VPN block memory exhaustion vulnerability; and CVE-2016-1385, a problem with the ASA XML parser.

The software has a bug in how it handles ICMP errors in IPsec packets, and crafted packets sent either through LAN-to-LAN or remote access VPN tunnels can deplete available memory .

That results in a denial-of-service, either because the system becomes unstable or it stops forwarding traffic.

The software is vulnerable if the user's using IKEv1 or IKEv2 for LAN-to-LAN VPNs, or remote access VPNs using Layer 2 Tunnelling Protocol and Ipsec; and if the system is validating ICMP errors.

The XML parser vulnerability is less serious, because it can only be exploited by an authenticated user.

The text above is a summary, you can read full article here.