SUSE SLES11 Security Update : openvpn (SUSE-SU-2017:1642-1)

This update for openvpn fixes the following issues : - It was possible to trigger an assertion by sending a malformed IPv6 packet. That issue could have been abused to remotely shutdown an openvpn server or client, if IPv6 and --mssfix were enabled and if the IPv6 networks used inside the VPN wer...

SUSE SLED12 / SLES12 Security Update : openvpn (SUSE-SU-2017:1635-1)

This update for openvpn fixes the following issues : - Some parts of the certificate-parsing code did not always clear all allocated memory. This would have allowed clients to leak a few bytes of memory for each connection attempt, thereby facilitating a quite inefficient DoS attack on the server...

FreeBSD : OpenVPN -- several vulnerabilities (9f65d382-56a4-11e7-83e3-080027ef73ec)

Samuli Seppanen reports : In May/June 2017 Guido Vranken threw a fuzzer at OpenVPN 2.4.2. In the process he found several vulnerabilities and reported them to the OpenVPN project. ... The first releases to have these fixes are OpenVPN 2.4.3 and 2.3.17. This is a list of fixed important...

DLA-999-1 openvpn - security update

Bulletin has no description...

Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : openvpn (SSA:2017-172-01)

New openvpn packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2017-172-01. The...

Critical RCE Flaw Found in OpenVPN that Escaped Two Recent Security Audits

A security researcher has found four vulnerabilities, including a critical remote code execution bug, in OpenVPN, those were not even caught in the two big security audits of the open source VPN software this year. OpenVPN is one of the most popular and widely used open source VPN software...

[slackware-security] openvpn

New openvpn packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/openvpn-2.3.17-i586-1slack14.2.txz: Upgraded. This update fixes several denial of service issues...

SUSE-SU-2017:1642-1 Security update for openvpn

This update for openvpn fixes the following issues: - It was possible to trigger an assertion by sending a malformed IPv6 packet. That issue could have been abused to remotely shutdown an openvpn server or client, if IPv6 and --mssfix were enabled and if the IPv6 networks used inside the VPN were...

SUSE-SU-2017:1635-1 Security update for openvpn

This update for openvpn fixes the following issues: - Some parts of the certificate-parsing code did not always clear all allocated memory. This would have allowed clients to leak a few bytes of memory for each connection attempt, thereby facilitating a quite inefficient DoS attack on the server...

OpenVPN Patches Critical Remote Code Execution Vulnerability

OpenVPN has this week patched four vulnerabilities, including a critical remote code execution bug, a little more than a month after the results of two security audits of the open source VPN software were published. The patches were released after private disclosures in May and June by researcher...

Security fix for the ALT Linux 9 package openvpn version June

June 21, 2017 Nikolay A. Fetisov 2.4.3-alt1 - New version - Security fixes: + CVE-2017-7522 Post-authentication --x509-track remote DoS + CVE-2017-7521 Post-authentication remote-triggerable memory leaks + CVE-2017-7521 Potential post-authentication remote code execution on servers that use the...

UBUNTU-CVE-2017-7520

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker...

CVE-2017-7508

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet...

SUSE SLED12 / SLES12 Security Update : openvpn (SUSE-SU-2017:1622-1) (SWEET32)

This update for openvpn fixes the following issues : - CVE-2016-6329: Show which ciphers should no longer be used in openvpn --show-ciphers bsc995374 - CVE-2017-7478: openvpn: Authenticated user can DoS server by using a big payload in PCONTROL bsc1038709 - CVE-2017-7479: openvpn: Denial of Servi...

UBUNTU-CVE-2017-7508

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet...

CVE-2017-7520

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive memory leak triggered by man-in-the-middle attacker...

CVE-2017-7521

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extractx509extension...

UBUNTU-CVE-2017-7521

OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extractx509extension...

SUSE-SU-2017:1622-1 Security update for openvpn

This update for openvpn fixes the following issues: - CVE-2016-6329: Show which ciphers should no longer be used in openvpn --show-ciphers bsc995374 - CVE-2017-7478: openvpn: Authenticated user can DoS server by using a big payload in PCONTROL bsc1038709 - CVE-2017-7479: openvpn: Denial of Servic...

OpenVPN P_CONTROL Denial of Service (CVE-2017-7478)

A denial-of-service vulnerability exists in OpenVPN. This vulnerability is due to an assertion in OpenVPN server that can be reached during the processing of a malicious packet. A remote, unauthenticated attacker can exploit this vulnerability to cause the OpenVPN server program to terminate,...