Arch Linux: ASA-201512-19 Low Severity OpenVPN Out-of-Bound Read Issue
Dec 28, 2015
•
LinuxSecurity Advisories
1 min read
The package openvpn before version 2.3.9-1 is vulnerable to an out-of-bound read.
Arch Linux Security Advisory ASA-201512-19 ========================================= Severity: Low Date : 2015-12-28 CVE-ID : N/A Package : openvpn Type : out-of-bound error Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package openvpn before version 2.3.9-1 is vulnerable to an out-of-bound read. Resolution ========= Upgrade to 2.3.9-1. # pacman -Syu "openvpn>=2.3.9-1" The problem has been fixed upstream in version 2.3.9. Workaround ========= None. Description ========== The code always tried to copy-out a "struct sockaddr_in6" even for IPv4 results, which reads more bytes than getaddrinfo() is guaranteed to allocate. Impact ===== A remote attacker might be able to cause a denial of service (application crash) or access sensitive data. References ========= https://bugs.archlinux.org/task/47498 https://seclists.org/oss-sec/2015/q4/535 https://blog.fuzzing-project.org/32-Out-of-bounds-read-in-OpenVPN.html
PREVIOUS
NEXT
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!