2376 matches found
Debian: Security Advisory (DSA-3900-1)
The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
openSUSE: Security Advisory for openvpn (openSUSE-SU-2017:1680-1)
The remote host is missing an update for the... Copyright (C) 2017 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
[SECURITY] Fedora 26 Update: openvpn-2.4.3-1.fc26
OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use Marcus Franz Xaver Johannes Oberhumer's LZO library for...
Fedora Update for openvpn FEDORA-2017-0639fb1490
The remote host is missing an update for the...
[SECURITY] Fedora 25 Update: openvpn-2.4.3-1.fc25
OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use Marcus Franz Xaver Johannes Oberhumer's LZO library for...
Internet Bug Bounty: 4 severe remote + several minor OpenVPN vulnerabilities
CVE-2017-7521: Remote server crashes/double-free/memory leaks in certificate processing; CVE-2017-7520: Remote (including MITM) client crash, data leak; CVE-2017-7508: Remote server crash (forced assertion failure); CVE-2017-7522: Crash mbed TLS/PolarSSL-based server; no CVE: Remote/MITM null-pointer...
CVE-2017-7508
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet...
CVE-2017-7520
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker...
CVE-2017-7521
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension()...
CVE-2017-7522
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character...
BSA-2017-339
Security Advisory ID: BSA-2017-339; Component: OpenVPN; Revision: 2.0: Interim. An authenticated client can cause the server's packet-id counter to roll over, which would lead the server process to hit an ASSERT and stop running. To make the server hit the ASSERT, the client must first cause th...
BSA-2017-337
Security Advisory ID: BSA-2017-337; Component: OpenVPN; Revision: 2.0: Interim. An authenticated client can do the 'three way handshake' (P_HARD_RESET, P_HARD_RESET, P_CONTROL), where the P_CONTROL packet is the first that is allowed to carry payload. If that payload is too big, the OpenVPN server process...
Ubuntu 14.04 LTS / 16.04 LTS : OpenVPN vulnerabilities (USN-3339-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3339-1 advisory. Karthikeyan Bhargavan and Gaëtan Leurent discovered that 64-bit block ciphers are vulnerable to a birthday attack. A remote attacker could...
Debian DLA-999-1 : openvpn security update
It was discovered that there were multiple out-of-bounds memory read vulnerabilities in openvpn, a popular virtual private network (VPN) daemon. If clients used an HTTP proxy with NTLM authentication, a man-in-the-middle attacker could cause the client to crash or disclose at most 96 bytes of stack...
Ubuntu: Security Advisory (USN-3339-1)
The remote host is missing an update for the...
[SECURITY] [DLA 999-1] openvpn security update
Package: openvpn; Version: 2.2.1-8+deb7u5; CVE ID: CVE-2017-7520; Debian Bug: 865480. It was discovered that there were multiple out-of-bounds memory read vulnerabilities in openvpn, a popular virtual private network (VPN) daemon. If clients used an HTTP proxy with NTLM authentication, a...
USN-3339-1: OpenVPN vulnerabilities
Karthikeyan Bhargavan and Gaëtan Leurent discovered that 64-bit block ciphers are vulnerable to a birthday attack. A remote attacker could possibly use this issue to recover cleartext data. Fixing this issue requires a configuration change to switch to a different cipher. This update adds a warni...
USN-3339-1 openvpn vulnerabilities
Karthikeyan Bhargavan and Gaëtan Leurent discovered that 64-bit block ciphers are vulnerable to a birthday attack. A remote attacker could possibly use this issue to recover cleartext data. Fixing this issue requires a configuration change to switch to a different cipher. This update adds a warni...
OpenVPN Server-Side Denial of Service Vulnerability
OpenVPN is a software package from the American company OpenVPN for creating encrypted tunnels for Virtual Private Networks (VPNs), which uses the OpenSSL library to encrypt data and control information, and allows created VPNs to be authenticated using public keys, electronic certificates, or...
DLA-999-1 openvpn - security update
Bulletin has no description...