Stay Secure with the Latest Linux Advisories

security advisoryFedoraOpenVPN

Fedora 27 OpenVPN: Security Fix For Legacy Configuration Support

Maintenance release with several minor upstream bugfixes and a security fix related to legacy configurations deploying the deprecated `key-method 1` configuration option ([CVE-2017-12166]((Link no longer available))) From this update of, OpenVPN will use the lz4 compression library from Fedora. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2017-5882331351 2017-10-04 20:36:58.447310 --------------------------------------------------------------------------------Name : openvpn Product : Fedora 27 Version : 2.4.4 Release : 1.fc27 URL : Summary : A full-featured SSL VPN solution Description : OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for compression. --------------------------------------------------------------------------------Update Information: Maintenance release with several minor upstream bugfixes and a security fix related to legacy configurations deploying the deprecated `key-method 1` configuration option ([CVE-2017-12166]()) From this update of, OpenVPN will use the lz4 compression library from Fedora instead of the upstream bundled library. --------------------------------------------------------------------------------References: [ 1 ] Bug #1497109 - CVE-2017-12166 openvpn: Incorrect bounds check in read_key() with 'key-method 1' https://bugzilla.redhat.com/show_bug.cgi?id=1497109 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade openvpn' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signedwith the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. . Fedora 27 recently released an update to tackle OpenVPN vulnerabilities in older configurations, enhancing support for data compression.. OpenVPN Security, Fedora Update, Configuration Issues, Network Security, Compression Fix. . Severity: Critical. LinuxSecurity.com Team

Oct 04, 2017 •Critical Fedora