Package openvpn updated to version 2.4.2-alt1 for branch sisyphus in task 182960.

Published: 2017-05-15
Modified: 2024-11-21

CVE-2017-7478

OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

98444
98444
1038473
1038473
https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits
https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits
41993
41993

Published: 2017-05-15
Modified: 2024-11-21

CVE-2017-7479

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

DSA-3900
DSA-3900
98443
98443
1038473
1038473
https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits
https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits

Version: 2.1.0

Package openvpn update in sisyphus on 2017-05-15

ALT-PU-2017-1606-1

Closed vulnerabilities

CVE-2017-7478

CVE-2017-7479