Amazon Linux AMI : openvpn (ALAS-2017-920)

OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution. CVE-2017-12166 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon...

Medium: openvpn

Issue Overview: OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution. CVE-2017-12166 Affected Packages: openvpn Issue Correction: Run yum update openvpn or yum update --advisory...

Fedora Update for openvpn FEDORA-2017-2aa4d11993

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 25 Update: openvpn-2.4.4-1.fc25

OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for...

openSUSE: Security Advisory for openvpn (openSUSE-SU-2017:2892-1)

The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openSUSE Security Update : openvpn (openSUSE-2017-1202)

This update for openvpn fixes the following issues : - CVE-2017-12166: Lack of bound check in readkey in old legacy key handling before using values could be used for a remote buffer overflow bsc1060877. This update was imported from the SUSE:SLE-12:Update update project. %NASLMINLEVEL 70300 C...

Security update for openvpn (important)

This update for openvpn fixes the following issues: - CVE-2017-12166: Lack of bound check in readkey in old legacy key handling before using values could be used for a remote buffer overflow bsc1060877. This update was imported from the SUSE:SLE-12:Update update project...

SUSE SLES11 Security Update : openvpn (SUSE-SU-2017:2838-1) (SWEET32)

This update for openvpn fixes the following security issues : - CVE-2017-12166: OpenVPN was vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution. bsc1060877. - CVE-2016-6329: Now show which ciphers should no longer be used in openvpn...

SUSE SLED12 / SLES12 Security Update : openvpn (SUSE-SU-2017:2839-1)

This update for openvpn fixes the following issues : - CVE-2017-12166: Lack of bound check in readkey in old legacy key handling before using values could be used for a remote buffer overflow bsc1060877. Note that Tenable Network Security has extracted the preceding description block directly fro...

SUSE-SU-2017:2838-1 Security update for openvpn

This update for openvpn fixes the following security issues: - CVE-2017-12166: OpenVPN was vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution. bsc1060877. - CVE-2016-6329: Now show which ciphers should no longer be used in openvpn...

SUSE-SU-2017:2839-1 Security update for openvpn

This update for openvpn fixes the following issues: - CVE-2017-12166: Lack of bound check in readkey in old legacy key handling before using values could be used for a remote buffer overflow bsc1060877...

MGASA-2017-0372 Updated openvpn packages fix security vulnerability

The bounds check in readkey was performed after using the value, instead of before. If 'key-method 1' is used, this allowed an attacker to send a malformed packet to trigger a stack buffer overflow. Note that 'key-method 1' has been replaced by 'key method 2' as the default in OpenVPN 2.0...

Updated openvpn packages fix security vulnerability

The bounds check in readkey was performed after using the value, instead of before. If 'key-method 1' is used, this allowed an attacker to send a malformed packet to trigger a stack buffer overflow. Note that 'key-method 1' has been replaced by 'key method 2' as the default in OpenVPN 2.0...

OpenVPN read_key Stack Based Buffer Overflow (CVE-2017-12166)

A stack-based buffer overflow vulnerability exists in OpenVPN. The vulnerability is due to a lack of bounds check on the length of key and HMAC lengths provided by the client. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted PCONTROLV1 message to a target...

OpenVPN 'read_key()' function buffer overflow vulnerability

OpenVPN is an open source VPN program. A buffer overflow vulnerability exists in the OpenVPN 'readkey' function, which allows remote attackers to exploit the vulnerability by submitting a special request that could crash the application or execute arbitrary code...

Fedora Update for openvpn FEDORA-2017-700915e34f

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OpenVPN 2.x < 2.3. 18/ 2.4.x < 2.4.4 Buffer Overflow Vulnerability w/ key-method 1

According to its self-reported version number, the version of OpenVPN installed on the remote host is affected by an error related to a weakness in the 'key-method 1' implementation which could allow buffer overflow attacks and result in unexpected code execution C Tenable Network Security, Inc...

[SECURITY] Fedora 27 Update: openvpn-2.4.4-1.fc27

OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for...

[SECURITY] Fedora 27 Update: openvpn-2.4.4-1.fc27

OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for...

CVE-2017-12166

OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution...