Updated openvpn packages fix security vulnerability
Publication date: 01 Jun 2017Modification date: 01 Jun 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-7478 , CVE-2017-7479
Description
It was discovered that OpenVPN improperly triggered an assert when receiving an oversized control packet in some situations. A remote attacker could use this to cause a denial of service (server or client crash) (CVE-2017-7478). It was discovered that OpenVPN improperly triggered an assert when packet ids rolled over. An authenticated remote attacker could use this to cause a denial of service (application crash) (CVE-2017-7479).
References
SRPMS
5/core
- openvpn-2.3.16-1.mga5