Package "openvpn"
Name: |
openvpn
|
Description: |
virtual private network daemon
|
Latest version: |
2.3.2-7ubuntu3.2 |
Release: |
trusty (14.04) |
Level: |
security |
Repository: |
main |
Homepage: |
http://www.openvpn.net/ |
Links
Download "openvpn"
Other versions of "openvpn" in Trusty
Changelog
openvpn (2.3.2-7ubuntu3.2) trusty-security; urgency=medium
* SECURITY UPDATE: birthday attack when using 64-bit block cipher
- debian/patches/CVE-2016-6329.patch: print warning if 64-bit cipher is
selected in src/openvpn/crypto.c, src/openvpn/crypto_openssl.c.
- CVE-2016-6329
* SECURITY UPDATE: DoS due to Exhaustion of Packet-ID counter
- debian/patches/CVE-2017-7479-pre.patch: merge
packet_id_alloc_outgoing() into packet_id_write() in
src/openvpn/crypto.c, src/openvpn/packet_id.c,
src/openvpn/packet_id.h.
- debian/patches/CVE-2017-7479.patch: drop packets instead of assert
out if packet id rolls over in src/openvpn/crypto.c,
src/openvpn/packet_id.c, src/openvpn/packet_id.h.
- CVE-2017-7479
* SECURITY UPDATE: Remotely-triggerable ASSERT() on malformed IPv6 packet
- debian/patches/CVE-2017-7508.patch: remove assert in
src/openvpn/mss.c.
- CVE-2017-7508
* SECURITY UPDATE: Remote-triggerable memory leaks
- debian/patches/CVE-2017-7512.patch: fix leaks in
src/openvpn/ssl_verify_openssl.c.
- CVE-2017-7512
* SECURITY UPDATE: Pre-authentication remote crash/information disclosure
for clients
- debian/patches/CVE-2017-7520.patch: prevent two kinds of stack buffer
OOB reads and a crash for invalid input data in src/openvpn/ntlm.c.
- CVE-2017-7520
* SECURITY UPDATE: Potential double-free in --x509-alt-username and
memory leaks
- debian/patches/CVE-2017-7521.patch: fix double-free in
src/openvpn/ssl_verify_openssl.c.
- CVE-2017-7521
* SECURITY UPDATE: DoS in establish_http_proxy_passthru()
- debian/patches/establish_http_proxy_passthru_dos.patch: fix
null-pointer dereference in src/openvpn/proxy.c.
- No CVE number
-- Marc Deslauriers <email address hidden> Thu, 22 Jun 2017 10:51:34 -0400
|
Source diff to previous version |
CVE-2016-6329 |
OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duratio |
CVE-2017-7479 |
RESERVED |
CVE-2017-7508 |
Remotely-triggerable ASSERT() on malformed IPv6 packet |
CVE-2017-7512 |
RESERVED |
CVE-2017-7520 |
Pre-authentication remote crash/information disclosure for clients |
CVE-2017-7521 |
Potential double-free in --x509-alt-username and memory leaks |
|
openvpn (2.3.2-7ubuntu3.1) trusty-security; urgency=medium
* SECURITY UPDATE: server denial of service via too-short control channel
packets
- debian/patches/CVE-2014-8104.patch: drop too-short control channel
packets instead of asserting out in src/openvpn/ssl.c.
- CVE-2014-8104
* debian/patches/update_certs.patch: update test certs to fix FTBFS.
-- Marc Deslauriers <email address hidden> Mon, 01 Dec 2014 17:10:01 -0500
|
|
About
-
Send Feedback to @ubuntu_updates