Fedora 25 : openvpn (2017-0d0f18140a)

This update brings in the latest OpenVPN v2.4.2 release. This release contains fixes for two authenticated remote DoS vulnerabilities CVE-2017-7478 and CVE-2017-7479. For more information see the upstream security announcement. Note that Tenable Network Security has extracted the preceding...

ALPINE-CVE-2017-7479

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker...

Design/Logic Flaw

OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2...

CVE-2017-7479

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker...

CVE-2017-7478

OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2...

Authentication flaw

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker...

CVE-2017-7478

OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2...

DEBIAN-CVE-2017-7479

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker...

ALPINE-CVE-2017-7478

OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2...

CVE-2017-7479

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker...

EUVD-2017-16499

OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2...

CVE-2017-7479

OpenVPN is affected: versions before 2.3.15 and before 2.4.2 fail to correctly handle rollover of the packet-ID counter, enabling an authenticated attacker to cause a denial-of-service via application crash. Root cause is improper handling of packet-ID rollover. The issue is mitigated by upgradin...

CVE-2017-7478

OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2...

CVE-2017-7478

CVE-2017-7478 affects OpenVPN 2.3.12 and later: an unauthenticated attacker can trigger a denial-of-service by sending an oversized P_CONTROL payload, causing the server to terminate. The issue is fixed in OpenVPN 2.3.15 and 2.4.2. mitigations include tls-auth/tls-crypt protection; advisories ind...

CVE-2017-7479

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker...

CVE-2017-7478

OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2...

CVE-2017-7479

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker...

CVE-2017-7478

OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2...

CVE-2017-7479

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker...

OpenVPN Audits Yield Mixed Bag

Two security audits of OpenVPN were recently carried out to look for bugs, backdoors, and other defects in the open source software; one found the software was cryptographically sound, while another found two legitimate vulnerabilities. The news comes after it was announced in December the SSL VP...