
Fedora 38: 2023-e4df33666c moderate: OpenVPN segmentation fault resolution

November 29, 2023
Major update for OpenVPN 2.6.8 emphasizing essential security improvements and augmented performance features.
This is an extended update of the OpenVPN 2.6.7 release, which contains security fixes for CVE-2023-46849 and CVE-2023-46850.

Summary

OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumer's LZO library for compression.

Update Information:

This is an extended update of the OpenVPN 2.6.7 release, which contains security fixes for CVE-2023-46849 and CVE-2023-46850. That release had a regression that caused the `openvpn` daemon to segfault frequently, which is why the 2.6.7 release was pulled. This 2.6.8 release also contains a fix for that regression.

Change Log

* Mon Nov 20 2023 David Sommerseth - 2.6.8-1
- Update to upstream OpenVPN 2.6.7
- Fixes a regression from 2.6.7 resulting in a SIGSEGV (GitHub#449)

* Thu Nov 9 2023 David Sommerseth - 2.6.7-1
- Update to upstream OpenVPN 2.6.7
- Fixes CVE-2023-46849, CVE-2023-46850
- Fix false exit status on pre runtime scriptlet (Elkhan Mammadli, RHBZ#2239722)
- Fix regression of systemctl scriptlet globbing issues (RHBZ#1887984); reintroduced in openvpn-2.6.0-1

References


[ 1 ] Bug #2250097 - CVE-2023-46849 openvpn: Use of --fragment option can lead to a division by zero error [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2250097

[ 2 ] Bug #2250100 - CVE-2023-46850 openvpn: Incorrect use of send buffer can cause memory to be sent to peer [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2250100

[ 3 ] Bug #2250513 - openvpn-2.6.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=2250513

Update Instructions

This update can be installed with the "dnf" update program. Use `su -c 'dnf upgrade --advisory FEDORA-2023-e4df33666c'` at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html
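A post-update check for this advisory, added here as an example and not part of the Fedora advisory or the OpenVPN project: it classifies the installed version against the 2.6.7 and 2.6.8 releases described above and lists configuration files with an active `fragment` directive, the option named in the CVE-2023-46849 bug title. The function names, the `--run` switch, and the `/etc/openvpn` search path are assumptions.

```sh
#!/bin/sh
# Added example (not from the advisory). Helper names are hypothetical.

FIXED="2.6.8"    # version shipped by FEDORA-2023-e4df33666c
PULLED="2.6.7"   # carries the CVE fixes but segfaults, per the advisory

# Print fixed | regression | missing-fixes for an upstream version string.
classify_openvpn() {
    if [ "$1" = "$PULLED" ]; then
        echo regression
    elif [ "$(printf '%s\n%s\n' "$FIXED" "$1" | sort -V | head -n1)" = "$FIXED" ]; then
        echo fixed            # version is 2.6.8 or newer
    else
        echo missing-fixes    # older than 2.6.7, the release with the CVE fixes
    fi
}

# List *.conf / *.ovpn files under directory $1 that contain an active
# (uncommented) "fragment <n>" directive. Commented-out lines are ignored.
configs_using_fragment() {
    find "$1" -type f \( -name '*.conf' -o -name '*.ovpn' \) \
        -exec grep -lE '^[[:space:]]*fragment[[:space:]]+[0-9]+' {} + 2>/dev/null | sort
}

# Query the local RPM database and report. /etc/openvpn is an assumed path.
check_host() {
    ver=$(rpm -q --qf '%{VERSION}' openvpn 2>/dev/null) || {
        echo "openvpn is not installed"
        return 0
    }
    echo "openvpn $ver: $(classify_openvpn "$ver")"
    echo "configs with an active fragment directive:"
    configs_using_fragment /etc/openvpn
}

# Only touch the host when asked to: sh check.sh --run
if [ "${1:-}" = "--run" ]; then
    check_host
fi
```

A result of `regression` or `missing-fixes` means the `dnf upgrade --advisory` command above has not yet taken effect on that host.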

Name: openvpn
Product: Fedora 38
Version: 2.6.8
Release: 1.fc38
URL:
Summary: A full-featured TLS VPN solution (beta release)
