Format: 1.8
Date: Thu, 22 Jun 2017 10:32:09 -0400
Source: openvpn
Binary: openvpn
Architecture: armhf armhf_translations
Version: 2.3.10-1ubuntu2.1
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@bos01-arm64-031.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 openvpn    - virtual private network daemon
Changes:
 openvpn (2.3.10-1ubuntu2.1) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: birthday attack when using 64-bit block cipher
     - debian/patches/CVE-2016-6329.patch: print warning if 64-bit cipher is
       selected in src/openvpn/crypto.c, src/openvpn/crypto_openssl.c,
       src/openvpn/crypto_polarssl.c, tests/t_lpback.sh.
     - CVE-2016-6329
   * SECURITY UPDATE: DoS due to Exhaustion of Packet-ID counter
     - debian/patches/CVE-2017-7479-pre.patch: merge
       packet_id_alloc_outgoing() into packet_id_write() in
       src/openvpn/crypto.c, src/openvpn/packet_id.c,
       src/openvpn/packet_id.h.
     - debian/patches/CVE-2017-7479.patch: drop packets instead of assert
       out if packet id rolls over in src/openvpn/crypto.c,
       src/openvpn/packet_id.c, src/openvpn/packet_id.h.
     - CVE-2017-7479
   * SECURITY UPDATE: Remotely-triggerable ASSERT() on malformed IPv6 packet
     - debian/patches/CVE-2017-7508.patch: remove assert in
       src/openvpn/mss.c.
     - CVE-2017-7508
   * SECURITY UPDATE: Remote-triggerable memory leaks
     - debian/patches/CVE-2017-7512.patch: fix leaks in
       src/openvpn/ssl_verify_openssl.c.
     - CVE-2017-7512
   * SECURITY UPDATE: Pre-authentication remote crash/information disclosure
     for clients
     - debian/patches/CVE-2017-7520.patch: prevent two kinds of stack buffer
       OOB reads and a crash for invalid input data in src/openvpn/ntlm.c.
     - CVE-2017-7520
   * SECURITY UPDATE: Potential double-free in --x509-alt-username and
     memory leaks
     - debian/patches/CVE-2017-7521.patch: fix double-free in
       src/openvpn/ssl_verify_openssl.c.
     - CVE-2017-7521
   * SECURITY UPDATE: DoS in establish_http_proxy_passthru()
     - debian/patches/establish_http_proxy_passthru_dos.patch: fix
       null-pointer dereference in src/openvpn/proxy.c.
     - No CVE number
Checksums-Sha1:
 2bbc9099752a5fd805697f15b22396a9f617cfd6 673440 openvpn-dbgsym_2.3.10-1ubuntu2.1_armhf.ddeb
 cebc75e8f8e6c46a7ffc40889be174d0d705a27c 384072 openvpn_2.3.10-1ubuntu2.1_armhf.deb
 208ceca5ecd50b65c1efb82a378114e2ea50724f 27529 openvpn_2.3.10-1ubuntu2.1_armhf_translations.tar.gz
Checksums-Sha256:
 a5bed245e56fa27198ce7b4a6340a52a47aae869346845293fec522b9dac6c3a 673440 openvpn-dbgsym_2.3.10-1ubuntu2.1_armhf.ddeb
 69d458ac4fb6d8c62b59e2bcb52641ce11fcab3e0d03af70543475c77e8fa276 384072 openvpn_2.3.10-1ubuntu2.1_armhf.deb
 d6655d60fec6a5fe07a9b6540299c0d21fb6bd4c25d8c1abf0a44c6fb1d9f695 27529 openvpn_2.3.10-1ubuntu2.1_armhf_translations.tar.gz
Files:
 8edc9e65b912ac29de48f3f5870f75bc 673440 net extra openvpn-dbgsym_2.3.10-1ubuntu2.1_armhf.ddeb
 722dad2199e565219aa33255637e8c2b 384072 net optional openvpn_2.3.10-1ubuntu2.1_armhf.deb
 e80ab3c4dd7eb02dae010be0e9ebea41 27529 raw-translations - openvpn_2.3.10-1ubuntu2.1_armhf_translations.tar.gz
Original-Maintainer: Alberto Gonzalez Iniesta <agi@inittab.org>