UbuntuUpdates.org

Package "openvpn"

Name: openvpn

Description:

virtual private network daemon

Latest version: 2.2.1-8ubuntu1.5
Release: precise (12.04)
Level: updates
Repository: main
Homepage: http://www.openvpn.net/

Links


Download "openvpn"


Other versions of "openvpn" in Precise

Repository Area Version
base main 2.2.1-8ubuntu1
security main 2.2.1-8ubuntu1.5

Changelog

Version: 2.2.1-8ubuntu1.5 2021-05-03 16:06:19 UTC

  openvpn (2.2.1-8ubuntu1.5) precise-security; urgency=medium

  * SECURITY UPDATE: Pre-authentication remote crash/information disclosure
    for clients
    - debian/patches/CVE-2017-7520.patch: prevent two kinds of stack buffer
      OOB reads and a crash for invalid input data in src/openvpn/ntlm.c.
    - CVE-2017-7520
  * SECURITY UPDATE: DoS in establish_http_proxy_passthru()
    - debian/patches/establish_http_proxy_passthru_dos.patch: fix
      null-pointer dereference in src/openvpn/proxy.c.
    - NO CVE number

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 02 Aug 2017 11:23:00 -0300

Source diff to previous version
CVE-2017-7520 Pre-authentication remote crash/information disclosure for clients

Version: 2.2.1-8ubuntu1.4 2014-12-02 17:06:26 UTC

  openvpn (2.2.1-8ubuntu1.4) precise-security; urgency=medium

  * SECURITY UPDATE: server denial of service via too-short control channel
    packets
    - debian/patches/CVE-2014-8104.patch: drop too-short control channel
      packets instead of asserting out in ssl.c.
    - CVE-2014-8104
  * debian/patches/update_certs.patch: update test certs to fix FTBFS.
 -- Marc Deslauriers <email address hidden> Mon, 01 Dec 2014 17:11:38 -0500

Source diff to previous version
CVE-2014-8104 DoS

Version: 2.2.1-8ubuntu1.3 2014-10-02 19:06:44 UTC

  openvpn (2.2.1-8ubuntu1.3) precise-security; urgency=medium

  * SECURITY UPDATE: timing attack when using UDP mode
    - debian/patches/CVE-2013-2061.patch: use constant time memcmp when
      comparing HMACs in crypto.c, added warning to buffer.h.
    - CVE-2013-2061
 -- Marc Deslauriers <email address hidden> Tue, 30 Sep 2014 14:55:59 -0400

Source diff to previous version
CVE-2013-2061 The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive informat

Version: 2.2.1-8ubuntu1.2 2014-04-08 20:07:11 UTC

  openvpn (2.2.1-8ubuntu1.2) precise-proposed; urgency=low

  * d/p/lp992012-detect-openssl-properly.patch: fix "openssl.cnf file
    could be found" error using easy-rsa by parsing openssl version
    properly. (LP: #992012)
 -- Nobuto MURATA <email address hidden> Tue, 18 Feb 2014 14:35:32 +0900

Source diff to previous version
992012 No /openssl.cnf file could be found because of a wrong regex in whichopensslcnf

Version: 2.2.1-8ubuntu1.1 2013-03-28 17:06:42 UTC

  openvpn (2.2.1-8ubuntu1.1) precise-proposed; urgency=low

  [ Marc Gari��py ]
  * Add --script-security to the init.d script (was generated but not passed
    to openvpn). (LP: #1124398)
 -- Stephane Graber <email address hidden> Wed, 13 Feb 2013 16:17:34 -0500

1124398 openvpn --script-security is not working



About   -   Send Feedback to @ubuntu_updates