SUSE: Important Security Issues in OpenVPN Addressed in 2017:2838-1

suse

October 24, 2017

An update that solves four vulnerabilities and has one An update that solves four vulnerabilities and has one An update that solves four vulnerabilities and has one errata is now a...

Summary

This update for openvpn fixes the following security issues: - CVE-2017-12166: OpenVPN was vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution. (bsc#1060877). - CVE-2016-6329: Now show which ciphers should no longer be used in openvpn --show-ciphers to avoid the SWEET32 attack (bsc#995374) - CVE-2017-7478: OpenVPN was vulnerable to unauthenticated Denial of Service of server via received large control packet. (bsc#1038709) - CVE-2017-7479: OpenVPN was vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker. (bsc#1038711) - Some other hardening fixes have also been applied (bsc#1038713) Patch Instructions: To install this SUSE Security Update use YaST online_update.

Topics Covered

security advisory security update buffer overflow DoS SUSE Linux OpenVPN important issues

References

#1038709 #1038711 #1038713 #1060877 #995374

Cross- CVE-2016-6329 CVE-2017-12166 CVE-2017-7478

CVE-2017-7479

Affected Products:

SUSE Linux Enterprise Server 11-SP4

SUSE Linux Enterprise Server 11-SP3-LTSS

SUSE Linux Enterprise Point of Sale 11-SP3

SUSE Linux Enterprise Debuginfo 11-SP4

SUSE Linux Enterprise Debuginfo 11-SP3

https://www.suse.com/security/cve/CVE-2016-6329.html

https://www.suse.com/security/cve/CVE-2017-12166.html

https://www.suse.com/security/cve/CVE-2017-7478.html

https://www.suse.com/security/cve/CVE-2017-7479.html

https://bugzilla.suse.com/1038709

https://bugzilla.suse.com/1038711

https://bugzilla.suse.com/1038713

https://bugzilla.suse.com/1060877

https://bugzilla.suse.com/995374

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2017:2838-1

Rating: important

Topics Covered

security advisory security update buffer overflow DoS SUSE Linux OpenVPN important issues

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: Important Security Issues in OpenVPN Addressed in 2017:2838-1

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: Important Security Issues in OpenVPN Addressed in 2017:2838-1

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!