Unmaintained & Unpatched security flaws

Bug #1271365 reported by Immatix
This bug affects 1 person
Affects        Status        Importance  Assigned to  Milestone
tinc (Ubuntu)  Fix Released  Undecided   Unassigned
Lucid          New           Undecided   Unassigned
Precise        New           Undecided   Unassigned

Bug Description

The versions of this package are ridiculously outdated for older versions of Ubuntu, and versions older than 1.0.21 are probably vulnerable to CVE-2013-1428 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1428 and http://tinc-vpn.org/security/) which involves a stack-based buffer overflow. This includes 1.0.11 on Lucid, 1.0.16 on Precise (the current LTS release), and also 1.0.19 on Quantal and Raring.

I can't see a reason why this package should not be kept up to date, at the very least on the LTS releases. I've managed to successfully compile 1.0.22 on Precise.

Dimitri John Ledkov (xnox) wrote :

fix released in trusty and up. affects lucid/precise only.

Changed in tinc (Ubuntu):
status: New → Fix Released