[SECURITY] Fedora 39 Update: openvpn-2.6.8-1.fc39

OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for...

Fedora: Security Advisory (FEDORA-2023-d9d55a0bfc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 39 : openvpn (2023-d9d55a0bfc)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-d9d55a0bfc advisory. This is an extended update of the OpenVPN 2.6.7 release which contains security fixes for CVE-2023-46849 and CVE-2023-46850. That release had a...

`openvpn-plugin-rs` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the user TerryDavisSoldier to run an arbitrary malware payload on Windows hosts. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longe...

SUSE CVE-2023-46850

Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer...

Ubuntu: Security Advisory (USN-6484-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6484-1: OpenVPN vulnerabilities

It was discovered that OpenVPN incorrectly handled the --fragment option in certain configurations. A remote attacker could possibly use this issue to cause OpenVPN to crash, resulting in a denial of service. CVE-2023-46849 It was discovered that OpenVPN incorrectly handled certain memory...

USN-6484-1 openvpn vulnerabilities

It was discovered that OpenVPN incorrectly handled the --fragment option in certain configurations. A remote attacker could possibly use this issue to cause OpenVPN to crash, resulting in a denial of service. CVE-2023-46849 It was discovered that OpenVPN incorrectly handled certain memory...

Debian: Security Advisory (DSA-5555-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 23.04 / 23.10 : OpenVPN vulnerabilities (USN-6484-1)

The remote Ubuntu 23.04 / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6484-1 advisory. It was discovered that OpenVPN incorrectly handled the --fragment option in certain configurations. A remote attacker could possibly use this issue t...

[SECURITY] [DSA 5555-1] openvpn security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5555-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 15, 2023 https://www.debian.org/security/faq -...

CVE-2023-46850

Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer...

CVE-2023-46849

Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service...

DSA-5555-1 openvpn - security update

Bulletin has no description...

FreeBSD : openvpn -- 2.6.0...2.6.6 --fragment option division by zero crash, and TLS data leak (2fe004f5-83fd-11ee-9f5d-31909fb2f495)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 2fe004f5-83fd-11ee-9f5d-31909fb2f495 advisory. - Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6...

Debian DSA-5555-1 : openvpn - security update

The remote Debian 12 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5555 advisory. Two vulnerabilities were discovered in openvpn, a virtual private network application which could result in memory disclosure or denial of service. The oldstable...

UBUNTU-CVE-2023-46849

Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service...

SUSE CVE-2023-46849

Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service...

Use-After-Free

openvpn is vulnerable to Use-After-Free. The vulnerability occurs when sending network buffers to a remote peer, resulting in memory leak buffers or a potential remote execution...

Denial Of Service (DoS)

openvpn is vulnerable to Denial of Service DoS. The vulnerability allows a malicious attacker to trigger a divide by zero error resulting in an application crash...