
exploitDog


openSUSE-SU-2017:1638-1

Published: 21 Jun 2017
Source: suse-cvrf

Description

Security update for openvpn

This update for openvpn fixes the following issues:

  • CVE-2016-6329: Show which ciphers should no longer be used in openvpn --show-ciphers (bsc#995374)
  • CVE-2017-7478: openvpn: Authenticated user can DoS server by using a big payload in P_CONTROL (bsc#1038709)
  • CVE-2017-7479: openvpn: Denial of Service due to Exhaustion of Packet-ID counter (bsc#1038711)
  • Hardening measures found by internal audit (bsc#1038713)

This update was imported from the SUSE:SLE-12:Update update project.

Package list

openSUSE Leap 42.2
openvpn-2.3.8-8.6.1
openvpn-auth-pam-plugin-2.3.8-8.6.1
openvpn-devel-2.3.8-8.6.1
openvpn-down-root-plugin-2.3.8-8.6.1

Description

OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack.


Affected products
openSUSE Leap 42.2:openvpn-2.3.8-8.6.1
openSUSE Leap 42.2:openvpn-auth-pam-plugin-2.3.8-8.6.1
openSUSE Leap 42.2:openvpn-devel-2.3.8-8.6.1
openSUSE Leap 42.2:openvpn-down-root-plugin-2.3.8-8.6.1

References

Description

OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated denial of service of the server via a received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.


Affected products
openSUSE Leap 42.2:openvpn-2.3.8-8.6.1
openSUSE Leap 42.2:openvpn-auth-pam-plugin-2.3.8-8.6.1
openSUSE Leap 42.2:openvpn-devel-2.3.8-8.6.1
openSUSE Leap 42.2:openvpn-down-root-plugin-2.3.8-8.6.1

References

Description

OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to a reachable assertion when the packet-ID counter rolls over, resulting in denial of service of the server by an authenticated attacker.


Affected products
openSUSE Leap 42.2:openvpn-2.3.8-8.6.1
openSUSE Leap 42.2:openvpn-auth-pam-plugin-2.3.8-8.6.1
openSUSE Leap 42.2:openvpn-devel-2.3.8-8.6.1
openSUSE Leap 42.2:openvpn-down-root-plugin-2.3.8-8.6.1

References