Описание
Security update for openvpn
This update for openvpn fixes the following issues:
- CVE-2018-9336: Fix potential double-free() in Interactive Service could lead to denial of service (bsc#1090839).
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15
openvpn-2.4.3-5.3.19
openvpn-auth-pam-plugin-2.4.3-5.3.19
openvpn-devel-2.4.3-5.3.19
Ссылки
- Link for SUSE-SU-2018:1888-1
- E-Mail link for SUSE-SU-2018:1888-1
- SUSE Security Ratings
- SUSE Bug 1090839
- SUSE CVE CVE-2018-9336 page
Описание
openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibly have unspecified other impact including privilege escalation.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15:openvpn-2.4.3-5.3.19
SUSE Linux Enterprise Module for Basesystem 15:openvpn-auth-pam-plugin-2.4.3-5.3.19
SUSE Linux Enterprise Module for Basesystem 15:openvpn-devel-2.4.3-5.3.19
Ссылки
- CVE-2018-9336
- SUSE Bug 1090647
- SUSE Bug 1090839