[ubuntu/zesty-security] openvpn 2.4.0-4ubuntu1.3 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Thu Jun 22 17:40:30 UTC 2017

openvpn (2.4.0-4ubuntu1.3) zesty-security; urgency=medium

  * SECURITY UPDATE: Remotely-triggerable ASSERT() on malformed IPv6 packet
    - debian/patches/CVE-2017-7508.patch: remove assert in
    - CVE-2017-7508
  * SECURITY UPDATE: Remote-triggerable memory leaks
    - debian/patches/CVE-2017-7512.patch: fix leaks in
    - CVE-2017-7512
  * SECURITY UPDATE: Pre-authentication remote crash/information disclosure
    for clients
    - debian/patches/CVE-2017-7520.patch: prevent two kinds of stack buffer
      OOB reads and a crash for invalid input data in src/openvpn/ntlm.c.
    - CVE-2017-7520
  * SECURITY UPDATE: Potential double-free in --x509-alt-username and
    memory leaks
    - debian/patches/CVE-2017-7521.patch: fix double-free in
    - CVE-2017-7521
  * SECURITY UPDATE: DoS in establish_http_proxy_passthru()
    - debian/patches/establish_http_proxy_passthru_dos.patch: fix
      null-pointer dereference in src/openvpn/proxy.c.
    - No CVE number

Date: 2017-06-22 14:31:13.968857+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Zesty-changes mailing list