
Fedora 32 OpenVPN: FEDORA-2020-c1cb4ebcd9 Low Severity Timing Attack Issue

fedora
April 28, 2020
Upgrade OpenVPN to release 2.4.9 on Fedora 32. The release contains a security fix for CVE-2020-11810, a timing attack issue rated low severity.
Update to latest upstream OpenVPN 2.4.9 release

Summary

OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use Marcus Franz Xaver Johannes Oberhumer's LZO library for compression.

Update to latest upstream OpenVPN 2.4.9 release. It contains a security fix for CVE-2020-11810. This security issue is quite hard to abuse, requiring a fairly precise timing attack combined with guessing a just-assigned peer-id reference. If successful, only a single client just initiating a new connection will experience a denial of service situation. This is why the severity is rated low.

* Sun Apr 19 2020 David Sommerseth - 2.4.9-1
- Update to upstream OpenVPN 2.4.9

Run su -c 'dnf upgrade --advisory FEDORA-2020-c1cb4ebcd9' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html
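To find hosts that still need this update, the following added example (not part of the Fedora advisory) flags any host whose openvpn package is older than the fixed upstream version 2.4.9. The host names, the inventory line format and the function names are constructed assumptions, and GNU `sort -V` is used as a stand-in for RPM's own version comparison.

```shell
#!/bin/sh
# Added example: flag hosts whose openvpn package predates the fixed release.
# FIXED_VERSION comes from the advisory (upstream OpenVPN 2.4.9).
FIXED_VERSION="2.4.9"

# is_vulnerable VERSION-RELEASE
# Returns 0 when the upstream version part sorts strictly below FIXED_VERSION.
# Assumption: `sort -V` ordering is adequate for plain dotted versions
# such as 2.4.8 or 2.4.10; it is not a full reimplementation of rpmvercmp.
is_vulnerable() {
    ver="${1%%-*}"                      # strip "-release.dist" suffix
    [ "$ver" = "$FIXED_VERSION" ] && return 1
    lowest=$(printf '%s\n%s\n' "$ver" "$FIXED_VERSION" | sort -V | head -n 1)
    [ "$lowest" = "$ver" ]
}

# audit_inventory
# Reads "host package version-release" lines on stdin and prints
# "host version-release" for every host that needs the update.
# On a real host such a line can be produced with:
#   printf '%s ' "$(hostname)"; rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' openvpn
audit_inventory() {
    while read -r host name evr; do
        [ "$name" = "openvpn" ] || continue
        if is_vulnerable "$evr"; then
            printf '%s %s\n' "$host" "$evr"
        fi
    done
}

# Constructed sample inventory (hypothetical hosts and package builds).
sample_inventory() {
    cat <<'EOF'
vpn-gw1 openvpn 2.4.8-2.fc32
vpn-gw2 openvpn 2.4.9-1.fc32
build01 openssl 1.1.1g-1.fc32
vpn-gw3 openvpn 2.4.10-1.fc32
EOF
}

sample_inventory | audit_inventory
```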

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/



Severity: low

Product: Fedora 32
Version: 2.4.9
Release: 1.fc32
URL:
Summary: A full-featured SSL VPN solution
