Publishing details

• Published on 2017-06-22
• Copied from ubuntu xenial in PPA for Ubuntu Security Proposed by Marc Deslauriers

Changelog

openvpn (2.3.10-1ubuntu2.1) xenial-security; urgency=medium

  * SECURITY UPDATE: birthday attack when using 64-bit block cipher
    - debian/patches/CVE-2016-6329.patch: print warning if 64-bit cipher is
      selected in src/openvpn/crypto.c, src/openvpn/crypto_openssl.c,
      src/openvpn/crypto_polarssl.c, tests/t_lpback.sh.
    - CVE-2016-6329
  * SECURITY UPDATE: DoS due to Exhaustion of Packet-ID counter
    - debian/patches/CVE-2017-7479-pre.patch: merge
      packet_id_alloc_outgoing() into packet_id_write() in
      src/openvpn/crypto.c, src/openvpn/packet_id.c,
      src/openvpn/packet_id.h.
    - debian/patches/CVE-2017-7479.patch: drop packets instead of assert
      out if packet id rolls over in src/openvpn/crypto.c,
      src/openvpn/packet_id.c, src/openvpn/packet_id.h.
    - CVE-2017-7479
  * SECURITY UPDATE: Remotely-triggerable ASSERT() on malformed IPv6 packet
    - debian/patches/CVE-2017-7508.patch: remove assert in
      src/openvpn/mss.c.
    - CVE-2017-7508
  * SECURITY UPDATE: Remote-triggerable memory leaks
    - debian/patches/CVE-2017-7512.patch: fix leaks in
      src/openvpn/ssl_verify_openssl.c.
    - CVE-2017-7512
  * SECURITY UPDATE: Pre-authentication remote crash/information disclosure
    for clients
    - debian/patches/CVE-2017-7520.patch: prevent two kinds of stack buffer
      OOB reads and a crash for invalid input data in src/openvpn/ntlm.c.
    - CVE-2017-7520
  * SECURITY UPDATE: Potential double-free in --x509-alt-username and
    memory leaks
    - debian/patches/CVE-2017-7521.patch: fix double-free in
      src/openvpn/ssl_verify_openssl.c.
    - CVE-2017-7521
  * SECURITY UPDATE: DoS in establish_http_proxy_passthru()
    - debian/patches/establish_http_proxy_passthru_dos.patch: fix
      null-pointer dereference in src/openvpn/proxy.c.
    - No CVE number

 -- Marc Deslauriers <email address hidden>  Thu, 22 Jun 2017 10:32:09 -0400

Builds

• amd64
• arm64
• armhf
• i386
• powerpc
• ppc64el
• s390x

Built packages

• openvpn virtual private network daemon

• openvpn-dbgsym debug symbols for package openvpn

Package files

• openvpn-dbgsym_2.3.10-1ubuntu2.1_amd64.ddeb (695.3 KiB)
• openvpn-dbgsym_2.3.10-1ubuntu2.1_arm64.ddeb (694.1 KiB)
• openvpn-dbgsym_2.3.10-1ubuntu2.1_armhf.ddeb (657.7 KiB)
• openvpn-dbgsym_2.3.10-1ubuntu2.1_i386.ddeb (606.0 KiB)
• openvpn-dbgsym_2.3.10-1ubuntu2.1_powerpc.ddeb (658.9 KiB)
• openvpn-dbgsym_2.3.10-1ubuntu2.1_ppc64el.ddeb (770.9 KiB)
• openvpn-dbgsym_2.3.10-1ubuntu2.1_s390x.ddeb (640.2 KiB)
• openvpn_2.3.10-1ubuntu2.1.debian.tar.xz (131.2 KiB)
• openvpn_2.3.10-1ubuntu2.1.dsc (2.1 KiB)
• openvpn_2.3.10-1ubuntu2.1_amd64.deb (410.8 KiB)
• openvpn_2.3.10-1ubuntu2.1_arm64.deb (366.6 KiB)
• openvpn_2.3.10-1ubuntu2.1_armhf.deb (375.1 KiB)
• openvpn_2.3.10-1ubuntu2.1_i386.deb (438.3 KiB)
• openvpn_2.3.10-1ubuntu2.1_powerpc.deb (372.3 KiB)
• openvpn_2.3.10-1ubuntu2.1_ppc64el.deb (402.5 KiB)
• openvpn_2.3.10-1ubuntu2.1_s390x.deb (383.7 KiB)
• openvpn_2.3.10.orig.tar.gz (1.2 MiB)