Stay Secure with the Latest Linux Advisories

security advisoryFedoraDoS

Fedora 32 OpenVPN: FEDORA-2020-c1cb4ebcd9 Low Severity Timing Attack Issue

Update to latest upstream OpenVPN 2.4.9 release. It contains a security fix for CVE-2020-11810. This security issue is quite hard to abuse, requiring a fairly precise timing attack combined with guessing a just assigned peer-id reference. If successful, only a single client just initiating a new connection will experience a denial of service situation. This wi why the severity is rated. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-c1cb4ebcd9 2020-04-29 02:13:31.168514 --------------------------------------------------------------------------------Name : openvpn Product : Fedora 32 Version : 2.4.9 Release : 1.fc32 URL : Summary : A full-featured SSL VPN solution Description : OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for compression. --------------------------------------------------------------------------------Update Information: Update to latest upstream OpenVPN 2.4.9 release. It contains a security fix for CVE-2020-11810. This security issue is quite hard to abuse, requiring a fairly precise timing attack combined with guessing a just assigned peer-id reference. If successful, only a single client just initiating a new connection will experience a denial of service situation. This wi why the severity is rated low. --------------------------------------------------------------------------------ChangeLog: * Sun Apr 19 2020 David Sommerseth - 2.4.9-1 - Update to upstream OpenVPN 2.4.9 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-c1cb4ebcd9' at the command line. For more information,refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Upgrade OpenVPN to release 2.4.9 in Fedora 32 to reduce timing attack vulnerabilities by resolving identified security concerns.. OpenVPN Update, Fedora Security Advisory, Timing Attack Mitigation. . Severity: Low. LinuxSecurity.com Team

Apr 28, 2020 •Low Fedora