[ubuntu/zesty-security] openvpn 2.4.0-4ubuntu1.2 (Accepted)
Steve Beattie
sbeattie at ubuntu.com
Thu May 11 14:15:57 UTC 2017
openvpn (2.4.0-4ubuntu1.2) zesty-security; urgency=medium
* SECURITY UPDATE: pre-authentication denial-of-service vulnerability
(both client and server) from a too-large control packet.
- debian/patches/CVE-2017-7478.patch: Do not assert on too-large
control packet
- CVE-2017-7478
* SECURITY UPDATE: authenticated remote DoS vulnerability due to
packet ID rollover
- debian/patches/CVE-2017-7479-prereq.patch: merge
packet_id_alloc_outgoing() into packet_id_write()
- debian/patches/CVE-2017-7478.patch: do not assert when packet ID
rollover occurs
- CVE-2017-7478
* SECURITY UPDATE: auth tokens left in memory after de-auth
- debian/patches/wipe_tokens_on_de-auth.patch: always wipe token
as soon as a TLS session is considered broken.
Date: 2017-05-11 09:38:18.493939+00:00
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
https://launchpad.net/ubuntu/+source/openvpn/2.4.0-4ubuntu1.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Zesty-changes
mailing list