Updated openvpn packages fix security vulnerability
Publication date: 18 Oct 2017Modification date: 31 Dec 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-12166
Description
The bounds check in read_key() was performed after using the value, instead of before. If 'key-method 1' is used, this allowed an attacker to send a malformed packet to trigger a stack buffer overflow. Note that 'key-method 1' has been replaced by 'key method 2' as the default in OpenVPN 2.0 (CVE-2017-12166).
References
SRPMS
6/core
- openvpn-2.4.4-1.mga6
5/core
- openvpn-2.3.18-1.mga5