Branch t7 update bulletin.

Package openvpn updated to version 2.4.2-alt0.M70T.2 for branch t7 in task 182962.

Published: 2016-08-24

BDU:2019-04216

Уязвимость программного обеспечения OpenVPN, связанная с проблемами использования шифрования с 64-битным блоком, позволяющая нарушителю восстановить исходное сообщение

Severity: MEDIUM (5.9) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

CVE-2016-6329

Published: 2017-02-01
Modified: 2024-11-21

CVE-2016-6329

OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack.

Severity: MEDIUM (5.9) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2017-05-15
Modified: 2024-11-21

CVE-2017-7478

OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2017-05-15
Modified: 2024-11-21

CVE-2017-7479

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Хорошо бы паковать openvpn-plugin.h

Отсутствует /var/run/openvpn

Broken systemd integration

Проблема openvpn 2.3.12 при подключении через static key

Version: 2.1.0

Branch t7 update on 2017-05-16

ALT-BU-2017-3120-1

ALT-PU-2017-1607-1

Closed vulnerabilities

BDU:2019-04216

CVE-2016-6329

CVE-2017-7478

CVE-2017-7479

Closed bugs

Bug #31085

Bug #31145

Bug #32204

Bug #32840