OpenVPN security fix package released

Bug #1699716 reported by Karsten W. Rohrbach
This bug affects 1 person
Affects: openvpn (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned

Bug Description

https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243

There are new packages available for 2.4.x and 2.3.x as of 2017-06-21.

CVE-2017-7508 Remotely-triggerable ASSERT() on malformed IPv6 packet

CVE-2017-7520 Pre-authentication remote crash/information disclosure for clients

CVE-2017-7521 Potential double-free in --x509-alt-username

CVE-2017-7512 Remote-triggerable memory leaks

CVE-2017-7522 Post-authentication remote DoS when using the --x509-track option

Plus several other minor fixes without CVE references.

description: updated
Tyler Hicks (tyhicks) wrote:

Security updates have been issued. See the following USN for details:

  https://www.ubuntu.com/usn/usn-3339-1/

Note that Ubuntu is not affected by CVE-2017-7522 because we build against OpenSSL.

information type: Private Security → Public Security
Changed in openvpn (Ubuntu):
status: New → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
