Advisories » MGASA-2016-0010

Updated openvpn packages fix security vulnerability

Publication date: 12 Jan 2016
Modification date: 12 Jan 2016
Type: security
Affected Mageia releases : 5

Description

OpenVPN versions before 2.3.9 contain an out of bounds read error in
resolve_remote() in the file socket.c.  With both IPv4 and IPv6
connections, OpenVPN will read a struct sockaddr_in6, but in the IPv4 case
the data structure is smaller than in the IPv6 case.

The openvpn package has been updated to version 2.3.9, fixing this issue
and several other bugs.  See the upstream Changelog for details.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=17418
• https://blog.fuzzing-project.org/32-Out-of-bounds-read-in-OpenVPN.html
• https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.9

SRPMS

5/core

• openvpn-2.3.9-1.mga5