Change logs for openvpn source package in Yakkety

  • openvpn (2.3.11-1ubuntu2.1) yakkety-security; urgency=medium
    
      * SECURITY UPDATE: birthday attack when using 64-bit block cipher
        - debian/patches/CVE-2016-6329.patch: print warning if 64-bit cipher is
          selected in src/openvpn/crypto.c, src/openvpn/crypto_openssl.c,
          src/openvpn/crypto_polarssl.c, tests/t_lpback.sh.
        - CVE-2016-6329
      * SECURITY UPDATE: DoS due to Exhaustion of Packet-ID counter
        - debian/patches/CVE-2017-7479-pre.patch: merge
          packet_id_alloc_outgoing() into packet_id_write() in
          src/openvpn/crypto.c, src/openvpn/packet_id.c,
          src/openvpn/packet_id.h.
        - debian/patches/CVE-2017-7479.patch: drop packets instead of assert
          out if packet id rolls over in src/openvpn/crypto.c,
          src/openvpn/packet_id.c, src/openvpn/packet_id.h.
        - CVE-2017-7479
      * SECURITY UPDATE: Remotely-triggerable ASSERT() on malformed IPv6 packet
        - debian/patches/CVE-2017-7508.patch: remove assert in
          src/openvpn/mss.c.
        - CVE-2017-7508
      * SECURITY UPDATE: Remote-triggerable memory leaks
        - debian/patches/CVE-2017-7512.patch: fix leaks in
          src/openvpn/ssl_verify_openssl.c.
        - CVE-2017-7512
      * SECURITY UPDATE: Pre-authentication remote crash/information disclosure
        for clients
        - debian/patches/CVE-2017-7520.patch: prevent two kinds of stack buffer
          OOB reads and a crash for invalid input data in src/openvpn/ntlm.c.
        - CVE-2017-7520
      * SECURITY UPDATE: Potential double-free in --x509-alt-username and
        memory leaks
        - debian/patches/CVE-2017-7521.patch: fix double-free in
          src/openvpn/ssl_verify_openssl.c.
        - CVE-2017-7521
      * SECURITY UPDATE: DoS in establish_http_proxy_passthru()
        - debian/patches/establish_http_proxy_passthru_dos.patch: fix
          null-pointer dereference in src/openvpn/proxy.c.
        - No CVE number
    
     -- Marc Deslauriers <email address hidden>  Thu, 22 Jun 2017 09:04:47 -0400
  • openvpn (2.3.11-1ubuntu2) yakkety; urgency=medium
    
      * debian/control: Actually drop the initscripts dependency.
        (Closes: #804968)
    
     -- Martin Pitt <email address hidden>  Wed, 22 Jun 2016 16:54:51 +0200
  • openvpn (2.3.11-1ubuntu1) yakkety; urgency=medium
    
      * Merge with Debian unstable. Remaining Ubuntu changes:
        - debian/openvpn@.service: Add "--script-security 2" similar to what got
          added to debian/openvpn.init.d ages ago (see LP: #260291).
        - Demote easy-rsa to Suggests (universe package).
      * Drop intrusive changes (showing per-VPN result messages) from
        debian/openvpn.init.d. This isn't being used under systemd.
    
    openvpn (2.3.11-1) unstable; urgency=medium
    
      * New upstream release.
      * tun.c: patch to fix FTBFS in kfreebsd. (Closes: #815283)
        Thanks Steven Chamberlain for the patch.
      * README.Debian: Document limits in the service file.
        (Closes: #819919, #823621)
      * Removed versioned dependency on initscripts. (Closes: #804968)
    
     -- Martin Pitt <email address hidden>  Fri, 20 May 2016 17:30:27 +0200
  • openvpn (2.3.10-1ubuntu2) xenial; urgency=medium
    
      * debian/openvpn@.service: Add --script-security similar to what got added
        to debian/openvpn.init.d ages ago (see LP #260291). (LP: #1454725)
    
     -- Martin Pitt <email address hidden>  Tue, 02 Feb 2016 13:33:39 +0100