OpenVPN security fix package released
Bug #1699716 reported by
Karsten W. Rohrbach
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openvpn (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
https:/
There are new packages available for 2.4.x and 2.3.x as of 2017-06-21
CVE-2017-7508 Remotely-
CVE-2017-7520 Pre-authentication remote crash/information disclosure for clients
CVE-2017-7521 Potential double-free in --x509-alt-username
CVE-2017-7512 Remote-triggerable memory leaks
CVE-2017-7522 Post-authentication remote DoS when using the --x509-track option
Plus several other minor fixes without CVE references.
description: | updated |
To post a comment you must log in.
Security updates have been issued. See the following USN for details:
https:/ /www.ubuntu. com/usn/ usn-3339- 1/
Note that Ubuntu is not affected by CVE-2017-7522 because we build against OpenSSL.