Advisories ยป MGASA-2017-0152

Updated openvpn packages fix security vulnerability

Publication date: 01 Jun 2017
Modification date: 01 Jun 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-7478 , CVE-2017-7479

Description

It was discovered that OpenVPN improperly triggered an assert when
receiving an oversized control packet in some situations. A remote
attacker could use this to cause a denial of service (server or client
crash) (CVE-2017-7478).

It was discovered that OpenVPN improperly triggered an assert when packet
ids rolled over. An authenticated remote attacker could use this to cause
a denial of service (application crash) (CVE-2017-7479).
                

References

SRPMS

5/core