Description
Security update for openvpn
This update for openvpn fixes the following issues:
- CVE-2016-6329: Show which ciphers should no longer be used in openvpn --show-ciphers (bsc#995374)
- CVE-2017-7478: openvpn: Authenticated user can DoS server by using a big payload in P_CONTROL (bsc#1038709)
- CVE-2017-7479: openvpn: Denial of Service due to Exhaustion of Packet-ID counter (bsc#1038711)
- Hardening measures found by internal audit (bsc#1038713)
Package list
SUSE Linux Enterprise Desktop 12 SP2
openvpn-2.3.8-16.14.1
SUSE Linux Enterprise Server 12 SP2
openvpn-2.3.8-16.14.1
openvpn-auth-pam-plugin-2.3.8-16.14.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
openvpn-2.3.8-16.14.1
openvpn-auth-pam-plugin-2.3.8-16.14.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
openvpn-2.3.8-16.14.1
openvpn-auth-pam-plugin-2.3.8-16.14.1
References
- Link for SUSE-SU-2017:1622-1
- E-Mail link for SUSE-SU-2017:1622-1
- SUSE Security Ratings
- SUSE Bug 1038709
- SUSE Bug 1038711
- SUSE Bug 1038713
- SUSE Bug 995374
- SUSE CVE CVE-2016-6329 page
- SUSE CVE CVE-2017-7478 page
- SUSE CVE CVE-2017-7479 page
Description
OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack.
Affected products
SUSE Linux Enterprise Desktop 12 SP2:openvpn-2.3.8-16.14.1
SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1
SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-2.3.8-16.14.1
References
- CVE-2016-6329
- SUSE Bug 1026864
- SUSE Bug 995374
Description
OpenVPN version 2.3.12 and newer is vulnerable to an unauthenticated denial of service of the server via a received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.
Affected products
SUSE Linux Enterprise Desktop 12 SP2:openvpn-2.3.8-16.14.1
SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1
SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-2.3.8-16.14.1
References
- CVE-2017-7478
- SUSE Bug 1038709
- SUSE Bug 1038713
Description
OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to a reachable assertion when the packet-ID counter rolls over, resulting in a denial of service of the server by an authenticated attacker.
Affected products
SUSE Linux Enterprise Desktop 12 SP2:openvpn-2.3.8-16.14.1
SUSE Linux Enterprise Server 12 SP2:openvpn-2.3.8-16.14.1
SUSE Linux Enterprise Server 12 SP2:openvpn-auth-pam-plugin-2.3.8-16.14.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:openvpn-2.3.8-16.14.1
References
- CVE-2017-7479
- SUSE Bug 1038711
- SUSE Bug 1038713