Fedora 22 : openvpn-2.3.10-1.fc22 (2016-51195e6b92)

https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

Fedora 23 : openvpn-2.3.10-1.fc23 (2016-e91ca003d4)

https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

OpenVPN -- Buffer overflow in PAM authentication and DoS through port sharing

Samuli Seppänen reports: OpenVPN 2.3.11 ... fixes two vulnerabilities: a port-share bug with DoS potential and a buffer overflow by user supplied data when using pam authentication...

Protecting Personal Information: Freedom Box

FreedomBox is a personal server that protects your privacy. It hosts on demand applications such as file sharing, shared calendaring, instant messaging, secure voice conference calling, blog and wiki. FreedomBox is a free software stack, a subset of the Debian universal operating system, that can...

Fedora Update for openvpn FEDORA-2016-51195

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 22 Update: openvpn-2.3.10-1.fc22

OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumer's LZO library for...

MGASA-2016-0010 Updated openvpn packages fix security vulnerability

OpenVPN versions before 2.3.9 contain an out of bounds read error in resolveremote in the file socket.c. With both IPv4 and IPv6 connections, OpenVPN will read a struct sockaddrin6, but in the IPv4 case the data structure is smaller than in the IPv6 case. The openvpn package has been updated to...

Updated openvpn packages fix security vulnerability

OpenVPN versions before 2.3.9 contain an out of bounds read error in resolveremote in the file socket.c. With both IPv4 and IPv6 connections, OpenVPN will read a struct sockaddrin6, but in the IPv4 case the data structure is smaller than in the IPv6 case. The openvpn package has been updated to...

[SECURITY] Fedora 23 Update: openvpn-2.3.10-1.fc23

OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumer's LZO library for...

openvpn: out-of-bound read

The code always tried to copy-out a "struct sockaddrin6" even for IPv4 results, which reads more bytes than getaddrinfo is guaranteed to allocate...

OpenVPN Gather Credentials

This module grab OpenVPN credentials from a running process in Linux. Note: --auth-nocache must not be set in the OpenVPN command line. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenVPN...

SUSE: Security Advisory for openvpn (SUSE-SU-2014:1694-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory for OpenVPN (SUSE-SU-2014:1605-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Gentoo Security Advisory GLSA 201412-41

Gentoo Linux Local Security Checks GLSA 201412-41 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

Gentoo Security Advisory GLSA 201311-13

Gentoo Linux Local Security Checks GLSA 201311-13 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

Amazon Linux: Security Advisory (ALAS-2014-459)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux: Security Advisory (ALAS-2013-201)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OpenVPN Access Server Detection (SSH Login)

SSH login-based detection of OpenVPN Access Server. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OpenVPN Access Server Default Credentials (SSH)

The remote OpenVPN Access Server is using known default credentials. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 srctrack, 2 usemfstmpsize, or 3 usemfsvarsize parameter to systemadvancedmisc.php; the 4 port, 5 snaplen, or 6 count parameter to diagpacketcapture.php...