[ubuntu/zesty-security] openvpn 2.4.0-4ubuntu1.3 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Thu Jun 22 17:40:30 UTC 2017
openvpn (2.4.0-4ubuntu1.3) zesty-security; urgency=medium
* SECURITY UPDATE: Remotely-triggerable ASSERT() on malformed IPv6 packet
- debian/patches/CVE-2017-7508.patch: remove assert in
src/openvpn/mss.c.
- CVE-2017-7508
* SECURITY UPDATE: Remote-triggerable memory leaks
- debian/patches/CVE-2017-7512.patch: fix leaks in
src/openvpn/ssl_verify_openssl.c.
- CVE-2017-7512
* SECURITY UPDATE: Pre-authentication remote crash/information disclosure
for clients
- debian/patches/CVE-2017-7520.patch: prevent two kinds of stack buffer
OOB reads and a crash for invalid input data in src/openvpn/ntlm.c.
- CVE-2017-7520
* SECURITY UPDATE: Potential double-free in --x509-alt-username and
memory leaks
- debian/patches/CVE-2017-7521.patch: fix double-free in
src/openvpn/ssl_verify_openssl.c.
- CVE-2017-7521
* SECURITY UPDATE: DoS in establish_http_proxy_passthru()
- debian/patches/establish_http_proxy_passthru_dos.patch: fix
null-pointer dereference in src/openvpn/proxy.c.
- No CVE number
Date: 2017-06-22 14:31:13.968857+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/openvpn/2.4.0-4ubuntu1.3
-------------- next part --------------
Sorry, changesfile not available.
More information about the Zesty-changes
mailing list