{
  "schema_version": "1.7.0",
  "id": "MGASA-2016-0146",
  "published": "2016-04-25T07:57:21Z",
  "modified": "2016-04-25T07:49:59Z",
  "summary": "Updated vtun packages fix security vulnerabilities",
  "details": "Updated vtun package fixes security vulnerability:\n\nA vulnerability was found in the vtun package. When you send a SIGHUP to a vtun\nclient process and it cannot connect to the remote server, vtun tries to\nreconnect without sleep between each attempt. In result, the vtun process uses\na lot of CPU, and writes to syslog without limit.\n\nThe vtun package has been updated to version 3.0.3 and patched to fix this\nissue and other bugs.\n",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2016-0146.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=18135"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/pipermail/package-announce/2016-April/181383.html"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:5",
        "name": "vtun",
        "purl": "pkg:rpm/mageia/vtun?arch=source&distro=mageia-5"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.0.3-1.mga5"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}
