ArchLinux: 201512-19: openvpn: out-of-bound read
Summary
The code always tried to copy-out a "struct sockaddr_in6" even for IPv4 results, which reads more bytes than getaddrinfo() is guaranteed to allocate.
Resolution
Upgrade to 2.3.9-1.
# pacman -Syu "openvpn>=2.3.9-1"
The problem has been fixed upstream in version 2.3.9.
References
https://bugs.archlinux.org/task/47498 https://seclists.org/oss-sec/2015/q4/535 https://blog.fuzzing-project.org/32-Out-of-bounds-read-in-OpenVPN.html
Workaround
None.