openSUSE-SU-2018:1912-1

Опубликовано: 06 июл. 2018

Источник: suse-cvrf

Описание

Security update for openvpn

This update for openvpn fixes the following issues:

CVE-2018-9336: Fix potential double-free() in Interactive Service could lead to denial of service (bsc#1090839).

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.0

openvpn-2.4.3-lp150.3.3.1

openvpn-auth-pam-plugin-2.4.3-lp150.3.3.1

openvpn-devel-2.4.3-lp150.3.3.1

openvpn-down-root-plugin-2.4.3-lp150.3.3.1

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00011.html
E-Mail link for openSUSE-SU-2018:1912-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibly have unspecified other impact including privilege escalation.

Затронутые продукты

openSUSE Leap 15.0:openvpn-2.4.3-lp150.3.3.1

openSUSE Leap 15.0:openvpn-auth-pam-plugin-2.4.3-lp150.3.3.1

openSUSE Leap 15.0:openvpn-devel-2.4.3-lp150.3.3.1

openSUSE Leap 15.0:openvpn-down-root-plugin-2.4.3-lp150.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-9336.html
CVE-2018-9336
https://bugzilla.suse.com/1090647
SUSE Bug 1090647
https://bugzilla.suse.com/1090839
SUSE Bug 1090839

openSUSE-SU-2018:1912-1

Описание

Список пакетов

openSUSE Leap 15.0

Ссылки

Уязвимость: CVE-2018-9336

Описание

Затронутые продукты

Ссылки