Security vulnerabilities in openvpn in 16.04LTS
Bug #1691531 reported by Jeff
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
openvpn (Ubuntu) | Fix Released | Undecided | Unassigned | |
Bug Description
OpenVPN 2.4 was audited by OSTIF and QuarksLab.
QuarksLab found:
○ 1 Critical/High Vulnerability CVE-2017-7478
○ 1 Medium Vulnerability CVE-2017-7479
○ 5 Low or Informational Vulnerabilities / Concerns
OpenVPN 2.4.2 was published to address the noted issues.
OpenVPN 2.4.2 link: https:/
Full report here: https:/
information type: | Private Security → Public Security |
Changed in openvpn (Ubuntu): | |
status: | New → Fix Released |
Hi Jeff - Thanks for the bug report! We've released an update for these issues in Ubuntu 17.04, which is the only stable Ubuntu release that CVE-2017-7478 affected. CVE-2017-7479 also affects all stable Ubuntu releases before 17.04 but we rated it as a 'low' and, therefore, we won't release security updates unless a higher severity issue is found in openvpn. This is to reduce the chance of regression in an update that only addresses a low impact security issue.
We published an Ubuntu Security Notice for the Ubuntu 17.04 update:
https://www.ubuntu.com/usn/usn-3284-1/
We also tweeted about it:
https://twitter.com/ubuntu_sec/status/864243702042177536
I hope you'll find one of those information feeds helpful.