[ubuntu/zesty-security] openvpn 2.4.0-4ubuntu1.2 (Accepted)

Steve Beattie sbeattie at ubuntu.com
Thu May 11 14:15:57 UTC 2017

openvpn (2.4.0-4ubuntu1.2) zesty-security; urgency=medium

  * SECURITY UPDATE: pre-authentication denial-of-service vulnerability
    (both client and server) from a too-large control packet.
    - debian/patches/CVE-2017-7478.patch: Do not assert on too-large
      control packet
    - CVE-2017-7478
  * SECURITY UPDATE: authenticated remote DoS vulnerability due to
    packet ID rollover
    - debian/patches/CVE-2017-7479-prereq.patch: merge
      packet_id_alloc_outgoing() into packet_id_write()
    - debian/patches/CVE-2017-7478.patch: do not assert when packet ID
      rollover occurs
    - CVE-2017-7478
  * SECURITY UPDATE: auth tokens left in memory after de-auth
    - debian/patches/wipe_tokens_on_de-auth.patch: always wipe token
      as soon as a TLS session is considered broken.

Date: 2017-05-11 09:38:18.493939+00:00
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Zesty-changes mailing list