Описание
Security update for openvpn
This update for openvpn fixes the following issues:
- CVE-2017-12166: Lack of bound check in read_key in old legacy key handling before using values could be used for a remote buffer overflow (bsc#1060877).
This update was imported from the SUSE:SLE-12:Update update project.
Список пакетов
openSUSE Leap 42.2
openvpn-2.3.8-14.1
openvpn-auth-pam-plugin-2.3.8-14.1
openvpn-devel-2.3.8-14.1
openvpn-down-root-plugin-2.3.8-14.1
openSUSE Leap 42.3
openvpn-2.3.8-14.1
openvpn-auth-pam-plugin-2.3.8-14.1
openvpn-devel-2.3.8-14.1
openvpn-down-root-plugin-2.3.8-14.1
Ссылки
- E-Mail link for openSUSE-SU-2017:2892-1
- SUSE Security Ratings
Описание
OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution.
Затронутые продукты
openSUSE Leap 42.2:openvpn-2.3.8-14.1
openSUSE Leap 42.2:openvpn-auth-pam-plugin-2.3.8-14.1
openSUSE Leap 42.2:openvpn-devel-2.3.8-14.1
openSUSE Leap 42.2:openvpn-down-root-plugin-2.3.8-14.1
Ссылки
- CVE-2017-12166
- SUSE Bug 1060877