ALT Linux Team

Package openvpn update in t7 on 2017-05-15

ALT-PU-2017-1607-1

Package openvpn updated to version 2.4.2-alt0.M70T.2 for branch t7 in task 182962.

Closed vulnerabilities

Published: 2016-08-24

BDU:2019-04216

Уязвимость программного обеспечения OpenVPN, связанная с проблемами использования шифрования с 64-битным блоком, позволяющая нарушителю восстановить исходное сообщение

Severity: MEDIUM (5.9) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2017-02-01
Modified: 2024-11-21

CVE-2016-6329

OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack.

Severity: MEDIUM (5.9) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2017-05-15
Modified: 2024-11-21

CVE-2017-7478

OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2017-05-15
Modified: 2024-11-21

CVE-2017-7479

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:

Closed bugs

Bug #31085

Хорошо бы паковать openvpn-plugin.h

Bug #31145

Отсутствует /var/run/openvpn

Bug #32204

Broken systemd integration

Bug #32840

Проблема openvpn 2.3.12 при подключении через static key

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top