Stay Secure with the Latest Linux Advisories

security advisoryfedoraconfiguration issue

Fedora 26 OpenVPN Setup Problem: Security Fix 2017-700915e34f Moderate

Maintenance release with several minor upstream bugfixes and a security fix related to legacy configurations deploying the deprecated `key-method 1` configuration option ([CVE-2017-12166]((Link no longer available))) From this update of, OpenVPN will use the lz4 compression library from Fedora. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2017-700915e34f 2017-10-02 14:21:42.635794 --------------------------------------------------------------------------------Name : openvpn Product : Fedora 26 Version : 2.4.4 Release : 1.fc26 URL : https://community.openvpn.net/openvpn Summary : A full-featured SSL VPN solution Description : OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for compression. --------------------------------------------------------------------------------Update Information: Maintenance release with several minor upstream bugfixes and a security fix related to legacy configurations deploying the deprecated `key-method 1` configuration option ([CVE-2017-12166](https://community.openvpn.net/openvpnopenvpn/wiki/CVE-2017-12166)) From this update of, OpenVPN will use the lz4 compression library from Fedora instead of the upstream bundled library. --------------------------------------------------------------------------------References: [ 1 ] Bug #1497109 - CVE-2017-12166 openvpn: Incorrect bounds check in read_key() with 'key-method 1' https://bugzilla.redhat.com/show_bug.cgi?id=1497109 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade openvpn' at the command line. For more information, refer to the dnfdocumentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. . A recent OpenVPN security upgrade for Fedora has been rolled out, focusing on enhancing legacy configuration protocols and streamlining compression efficiencies.. openvpn security update, fedora 26, key-method configuration, maintenance release. . Severity: Important. LinuxSecurity.com Team

Oct 02, 2017 •Important Fedora