openvpn 2.4.0-4ubuntu1.2 source package in Ubuntu
Changelog
openvpn (2.4.0-4ubuntu1.2) zesty-security; urgency=medium
* SECURITY UPDATE: pre-authentication denial-of-service vulnerability
(both client and server) from a too-large control packet.
- debian/patches/CVE-2017-7478.patch: Do not assert on too-large
control packet
- CVE-2017-7478
* SECURITY UPDATE: authenticated remote DoS vulnerability due to
packet ID rollover
- debian/patches/CVE-2017-7479-prereq.patch: merge
packet_id_alloc_outgoing() into packet_id_write()
- debian/patches/CVE-2017-7478.patch: do not assert when packet ID
rollover occurs
- CVE-2017-7478
* SECURITY UPDATE: auth tokens left in memory after de-auth
- debian/patches/wipe_tokens_on_de-auth.patch: always wipe token
as soon as a TLS session is considered broken.
-- Steve Beattie <email address hidden> Wed, 10 May 2017 15:21:05 -0700
Upload details
- Uploaded by:
- Steve Beattie
- Uploaded to:
- Zesty
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any
- Section:
- net
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| openvpn_2.4.0.orig.tar.gz | 1.3 MiB | f21db525b3c03a9bbd0a7ab6d0e4fbaf8902f238bf53b8bc4e04f834e4e7caa4 |
| openvpn_2.4.0-4ubuntu1.2.debian.tar.xz | 58.0 KiB | 004aa6a83e70cd46c86f941e8e40278f06971409cee3d28be7d68780f5f96a0a |
| openvpn_2.4.0-4ubuntu1.2.dsc | 2.1 KiB | e1edd2ac0b1bf3ef51814940deea0987c533af1e666dbe9e7c2446c8c924b46f |
Available diffs
Binary packages built by this source
- openvpn: No summary available for openvpn in ubuntu zesty.
No description available for openvpn in ubuntu zesty.
- openvpn-dbgsym: No summary available for openvpn-dbgsym in ubuntu zesty.
No description available for openvpn-dbgsym in ubuntu zesty.
