openvpn 2.3.10-1ubuntu2.1 source package in Ubuntu
Changelog
openvpn (2.3.10-1ubuntu2.1) xenial-security; urgency=medium
* SECURITY UPDATE: birthday attack when using 64-bit block cipher
- debian/patches/CVE-2016-6329.patch: print warning if 64-bit cipher is
selected in src/openvpn/crypto.c, src/openvpn/crypto_openssl.c,
src/openvpn/crypto_polarssl.c, tests/t_lpback.sh.
- CVE-2016-6329
* SECURITY UPDATE: DoS due to Exhaustion of Packet-ID counter
- debian/patches/CVE-2017-7479-pre.patch: merge
packet_id_alloc_outgoing() into packet_id_write() in
src/openvpn/crypto.c, src/openvpn/packet_id.c,
src/openvpn/packet_id.h.
- debian/patches/CVE-2017-7479.patch: drop packets instead of assert
out if packet id rolls over in src/openvpn/crypto.c,
src/openvpn/packet_id.c, src/openvpn/packet_id.h.
- CVE-2017-7479
* SECURITY UPDATE: Remotely-triggerable ASSERT() on malformed IPv6 packet
- debian/patches/CVE-2017-7508.patch: remove assert in
src/openvpn/mss.c.
- CVE-2017-7508
* SECURITY UPDATE: Remote-triggerable memory leaks
- debian/patches/CVE-2017-7512.patch: fix leaks in
src/openvpn/ssl_verify_openssl.c.
- CVE-2017-7512
* SECURITY UPDATE: Pre-authentication remote crash/information disclosure
for clients
- debian/patches/CVE-2017-7520.patch: prevent two kinds of stack buffer
OOB reads and a crash for invalid input data in src/openvpn/ntlm.c.
- CVE-2017-7520
* SECURITY UPDATE: Potential double-free in --x509-alt-username and
memory leaks
- debian/patches/CVE-2017-7521.patch: fix double-free in
src/openvpn/ssl_verify_openssl.c.
- CVE-2017-7521
* SECURITY UPDATE: DoS in establish_http_proxy_passthru()
- debian/patches/establish_http_proxy_passthru_dos.patch: fix
null-pointer dereference in src/openvpn/proxy.c.
- No CVE number
-- Marc Deslauriers <email address hidden> Thu, 22 Jun 2017 10:32:09 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Xenial
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any
- Section:
- net
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Xenial | security | main | net |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| openvpn_2.3.10.orig.tar.gz | 1.2 MiB | f8b0b5b92e35bbca1db1a7e6b49e04639e45634e9accd460459b40b2c99ec8f6 |
| openvpn_2.3.10-1ubuntu2.1.debian.tar.xz | 131.2 KiB | 234963c8457062df55516451b49df1c50617ca9f8b7a3d71b77f26f61a5e9bca |
| openvpn_2.3.10-1ubuntu2.1.dsc | 2.1 KiB | 255a01d05584bb58bd5f4147f533f2a6ba9be37d1d838887ef176e71e480f697 |
Available diffs
Binary packages built by this source
- openvpn: virtual private network daemon
OpenVPN is an application to securely tunnel IP networks over a
single UDP or TCP port. It can be used to access remote sites, make
secure point-to-point connections, enhance wireless security, etc.
.
OpenVPN uses all of the encryption, authentication, and certification
features provided by the OpenSSL library (any cipher, key size, or
HMAC digest).
.
OpenVPN may use static, pre-shared keys or TLS-based dynamic key exchange. It
also supports VPNs with dynamic endpoints (DHCP or dial-up clients), tunnels
over NAT or connection-oriented stateful firewalls (such as Linux's iptables).
- openvpn-dbgsym: debug symbols for package openvpn
OpenVPN is an application to securely tunnel IP networks over a
single UDP or TCP port. It can be used to access remote sites, make
secure point-to-point connections, enhance wireless security, etc.
.
OpenVPN uses all of the encryption, authentication, and certification
features provided by the OpenSSL library (any cipher, key size, or
HMAC digest).
.
OpenVPN may use static, pre-shared keys or TLS-based dynamic key exchange. It
also supports VPNs with dynamic endpoints (DHCP or dial-up clients), tunnels
over NAT or connection-oriented stateful firewalls (such as Linux's iptables).
