Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
suseSuseSUSE-SU-2017:2838-1
HistoryOct 24, 2017 - 3:07 p.m.

Security update for openvpn (important)

2017-10-2415:07:23
lists.opensuse.org
58

0.236 Low

EPSS

Percentile

96.1%

JSON

This update for openvpn fixes the following security issues:

  • CVE-2017-12166: OpenVPN was vulnerable to a buffer overflow
    vulnerability when key-method 1 is used, possibly resulting in code
    execution. (bsc#1060877).
  • CVE-2016-6329: Now show which ciphers should no longer be used in
    openvpn --show-ciphers to avoid the SWEET32 attack (bsc#995374)
  • CVE-2017-7478: OpenVPN was vulnerable to unauthenticated Denial of
    Service of server via received large control packet. (bsc#1038709)
  • CVE-2017-7479: OpenVPN was vulnerable to reachable assertion when
    packet-ID counter rolls over resulting into Denial of Service of server
    by authenticated attacker. (bsc#1038711)
  • Some other hardening fixes have also been applied (bsc#1038713)
OSVersionArchitecturePackageVersionFilename
SUSE Linux Enterprise Server11.4s390xopenvpn< 2.0.9-143.47.3.1openvpn-2.0.9-143.47.3.1.s390x.rpm
SUSE Linux Enterprise Debuginfo11.3x86_64openvpn-debuginfo< 2.0.9-143.47.3.1openvpn-debuginfo-2.0.9-143.47.3.1.x86_64.rpm
SUSE Linux Enterprise Point of Sale11.3i586openvpn-auth-pam-plugin< 2.0.9-143.47.3.1openvpn-auth-pam-plugin-2.0.9-143.47.3.1.i586.rpm
SUSE Linux Enterprise Server11.4ia64openvpn< 2.0.9-143.47.3.1openvpn-2.0.9-143.47.3.1.ia64.rpm
SUSE Linux Enterprise Debuginfo11.3s390xopenvpn-debuginfo< 2.0.9-143.47.3.1openvpn-debuginfo-2.0.9-143.47.3.1.s390x.rpm
SUSE Linux Enterprise Debuginfo11.3i586openvpn-debugsource< 2.0.9-143.47.3.1openvpn-debugsource-2.0.9-143.47.3.1.i586.rpm
SUSE Linux Enterprise Server LTSS11.3x86_64openvpn-auth-pam-plugin< 2.0.9-143.47.3.1openvpn-auth-pam-plugin-2.0.9-143.47.3.1.x86_64.rpm
SUSE Linux Enterprise Server LTSS11.3i586openvpn< 2.0.9-143.47.3.1openvpn-2.0.9-143.47.3.1.i586.rpm
SUSE Linux Enterprise Server11.4ppc64openvpn-auth-pam-plugin< 2.0.9-143.47.3.1openvpn-auth-pam-plugin-2.0.9-143.47.3.1.ppc64.rpm
SUSE Linux Enterprise Debuginfo11.4x86_64openvpn-debugsource< 2.0.9-143.47.3.1openvpn-debugsource-2.0.9-143.47.3.1.x86_64.rpm
Rows per page:
1-10 of 341

Related

nessus 28
suse 5
openvas 15
freebsd 2
threatpost 1
fedora 10
mageia 3
ubuntu 2
altlinux 2
archlinux 2
cve 4
veracode 3
debiancve 4
prion 4
packetstorm 1
osv 6
ubuntucve 4
amazon 2
zdt 1
checkpoint_advisories 2
debian 5
alpinelinux 2
f5 3
gentoo 1
ibm 6
symantec 1
fortinet 1
ics 1
kitploit 1
nessus
nessus
SUSE SLES11 Security Update : openvpn (SUSE-SU-2017:2838-1) (SWEET32)
2017-10-25 00:00:00
openSUSE Security Update : openvpn (openSUSE-2017-717) (SWEET32)
2017-06-30 00:00:00
SUSE SLED12 / SLES12 Security Update : openvpn (SUSE-SU-2017:1622-1) (SWEET32)
2017-06-21 00:00:00
suse
suse
Security update for openvpn (important)
2017-06-20 12:11:37
Security update for openvpn (important)
2017-10-28 00:16:50
Security update for openvpn (important)
2017-10-24 15:08:21
openvas
openvas
Fedora Update for openvpn FEDORA-2017-0d0f18140a
2017-05-15 00:00:00
Ubuntu Update for openvpn USN-3284-1
2017-05-12 00:00:00
Fedora Update for openvpn FEDORA-2017-f426acf49d
2017-05-25 00:00:00
freebsd
freebsd
OpenVPN -- two remote denial-of-service vulnerabilities
2017-05-10 00:00:00
OpenVPN -- out-of-bounds write in legacy key-method 1
2017-09-21 00:00:00
threatpost
threatpost
OpenVPN Audits Yield Mixed Bag
2017-05-15 17:12:09
fedora
fedora
[SECURITY] Fedora 26 Update: openvpn-2.4.2-1.fc26
2017-05-14 20:26:52
[SECURITY] Fedora 25 Update: openvpn-2.4.2-1.fc25
2017-05-15 04:45:01
[SECURITY] Fedora 24 Update: openvpn-2.3.16-1.fc24
2017-05-24 04:56:54
mageia
mageia
Updated openvpn packages fix security vulnerability
2017-06-02 00:25:58
Updated openvpn packages fix security vulnerability
2017-10-18 23:19:34
Updated openvpn packages fix security vulnerability
2016-09-16 12:27:13
ubuntu
ubuntu
OpenVPN vulnerabilities
2017-05-11 00:00:00
OpenVPN vulnerabilities
2017-06-22 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openvpn version 2.4.2-alt1
2017-05-14 00:00:00
Security fix for the ALT Linux 9 package openvpn version 2.4.4-alt1
2017-11-18 00:00:00
archlinux
archlinux
[ASA-201705-16] openvpn: denial of service
2017-05-13 00:00:00
[ASA-201709-21] openvpn: arbitrary code execution
2017-09-28 00:00:00
cve
cve
CVE-2017-12166
2017-10-04 01:29:00
CVE-2017-7479
2017-05-15 18:29:00
CVE-2017-7478
2017-05-15 18:29:00
veracode
veracode
Denial Of Service (DoS)
2022-05-07 06:01:53
Denial Of Service (DoS)
2020-09-21 06:29:14
Sweet32 Attack
2020-09-21 06:32:55
debiancve
debiancve
CVE-2017-12166
2017-10-04 01:29:00
CVE-2017-7478
2017-05-15 18:29:00
CVE-2017-7479
2017-05-15 18:29:00
prion
prion
Buffer overflow
2017-10-04 01:29:00
Authentication flaw
2017-05-15 18:29:00
Design/Logic Flaw
2017-05-15 18:29:00
packetstorm
packetstorm
OpenVPN 2.4.0 Denial Of Service
2017-05-12 00:00:00
osv
osv
CVE-2017-12166
2017-10-04 01:29:02
CVE-2017-7478
2017-05-15 18:29:00
CVE-2017-7479
2017-05-15 18:29:00
ubuntucve
ubuntucve
CVE-2017-12166
2017-10-04 00:00:00
CVE-2017-7478
2017-05-11 00:00:00
CVE-2017-7479
2017-05-11 00:00:00
amazon
amazon
Medium: openvpn
2017-11-02 20:19:00
Medium: openvpn
2016-09-27 10:30:00
zdt
zdt
OpenVPN 2.4.0 - Unauthenticated Denial of Service Exploit
2017-05-11 00:00:00
checkpoint_advisories
checkpoint_advisories
OpenVPN read_key Stack Based Buffer Overflow (CVE-2017-12166)
2017-10-15 00:00:00
OpenVPN P_CONTROL Denial of Service (CVE-2017-7478)
2017-06-11 00:00:00
debian
debian
[SECURITY] [DLA 944-1] openvpn security update
2017-05-16 14:17:31
[SECURITY] [DLA 2992-1] openvpn security update
2022-05-03 12:18:13
[BSA-116] Security Update for openvpn
2017-07-05 07:52:52
alpinelinux
alpinelinux
CVE-2017-7479
2017-05-15 18:29:00
CVE-2017-7478
2017-05-15 18:29:00
f5
f5
K30315990 : OpenVPN vulnerability CVE-2016-6329
2016-09-12 00:00:00
SOL30315990 - OpenVPN vulnerability CVE-2016-6329
2016-09-12 00:00:00
SOL22071504 - September 2016 OpenSSL security vulnerability announcement
2016-09-22 00:00:00
gentoo
gentoo
OpenVPN: Multiple vulnerabilities
2016-11-01 00:00:00
ibm
ibm
Security Bulletin: IBM b-type Network/Storage switches are affected by Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN (openssl ,redhat,openVPN) vulnerabilities.
2018-10-01 21:25:01
Security Bulletin: IBM Cisco Switches and Directors vulnerable to Sweet32 Birthday attacks (CVE-2016-2183 CVE-2016-6329).
2022-04-11 15:07:09
Security Bulletin: Vulnerabilities in 64-bit block ciphers affects IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed (CVE-2016-2183, CVE-2016-6329)
2021-04-26 21:17:25
symantec
symantec
SA133 : Sweet32 Birthday Attack against DES, 3DES, and Blowfish
2016-12-22 08:00:00
fortinet
fortinet
Protect
2019-02-07 00:00:00
ics
ics
Siemens SIMATIC RF6XXR
2019-07-11 12:00:00
kitploit
kitploit
CATSploit - An Automated Penetration Testing Tool Using Cyber Attack Techniques Scoring
2024-01-08 11:30:00

0.236 Low

EPSS

Percentile

96.1%

JSON
Related for SUSE-SU-2017:2838-1
nessus28suse5openvas15freebsd2threatpost1fedora10mageia3ubuntu2altlinux2archlinux2cve4veracode3debiancve4prion4packetstorm1osv6ubuntucve4amazon2zdt1checkpoint_advisories2debian5alpinelinux2f53gentoo1ibm6symantec1fortinet1ics1kitploit1