Security vulnerabilities in openvpn in 16.04LTS
Bug #1691531 reported by
Jeff
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| openvpn (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
Openvpn 2.4 was audited by OSTIF and QuarksLab
QuarksLab found:
○ 1 Critical/High Vulnerability CVE-2017-7478
○ 1 Medium Vulnerability CVE-2017-7479
○ 5 Low or Informational Vulnerabilities / Concerns
Openvpn 2.4.2 was published to address the noted issues.
Openvpn 2.4.2 Link: https:/
Full report here: https:/
| information type: | Private Security → Public Security |
| Changed in openvpn (Ubuntu): | |
| status: | New → Fix Released |
Revision history for this message
| Tyler Hicks (tyhicks) wrote | #1 |
Revision history for this message
| Jeff (jdferron) wrote | #2 |
To post a comment you must log in.
Hi Jeff - Thanks for the bug report! We've released an update for these issues in Ubuntu 17.04, which is the only stable Ubuntu release that CVE-2017-7478 affected. CVE-2017-7479 also affects all stable Ubuntu releases before 17.04 but we rated it as a 'low' and, therefore, we won't release security updates unless a higher severity issue is found in openvpn. This is to reduce the chance of regression in an update that only addresses a low impact security issue.
We published an Ubuntu Security Notice for the Ubuntu 17.04 update:
https:/
We also tweeted about it:
https:/
I hope you'll find one of those information feeds helpful.