-
openvpn (2.3.11-1ubuntu2.1) yakkety-security; urgency=medium
* SECURITY UPDATE: birthday attack when using 64-bit block cipher
- debian/patches/CVE-2016-6329.patch: print warning if 64-bit cipher is
selected in src/openvpn/crypto.c, src/openvpn/crypto_openssl.c,
src/openvpn/crypto_polarssl.c, tests/t_lpback.sh.
- CVE-2016-6329
* SECURITY UPDATE: DoS due to Exhaustion of Packet-ID counter
- debian/patches/CVE-2017-7479-pre.patch: merge
packet_id_alloc_outgoing() into packet_id_write() in
src/openvpn/crypto.c, src/openvpn/packet_id.c,
src/openvpn/packet_id.h.
- debian/patches/CVE-2017-7479.patch: drop packets instead of assert
out if packet id rolls over in src/openvpn/crypto.c,
src/openvpn/packet_id.c, src/openvpn/packet_id.h.
- CVE-2017-7479
* SECURITY UPDATE: Remotely-triggerable ASSERT() on malformed IPv6 packet
- debian/patches/CVE-2017-7508.patch: remove assert in
src/openvpn/mss.c.
- CVE-2017-7508
* SECURITY UPDATE: Remote-triggerable memory leaks
- debian/patches/CVE-2017-7512.patch: fix leaks in
src/openvpn/ssl_verify_openssl.c.
- CVE-2017-7512
* SECURITY UPDATE: Pre-authentication remote crash/information disclosure
for clients
- debian/patches/CVE-2017-7520.patch: prevent two kinds of stack buffer
OOB reads and a crash for invalid input data in src/openvpn/ntlm.c.
- CVE-2017-7520
* SECURITY UPDATE: Potential double-free in --x509-alt-username and
memory leaks
- debian/patches/CVE-2017-7521.patch: fix double-free in
src/openvpn/ssl_verify_openssl.c.
- CVE-2017-7521
* SECURITY UPDATE: DoS in establish_http_proxy_passthru()
- debian/patches/establish_http_proxy_passthru_dos.patch: fix
null-pointer dereference in src/openvpn/proxy.c.
- No CVE number
-- Marc Deslauriers <email address hidden> Thu, 22 Jun 2017 09:04:47 -0400
-
openvpn (2.3.11-1ubuntu2) yakkety; urgency=medium
* debian/control: Actually drop the initscripts dependency.
(Closes: #804968)
-- Martin Pitt <email address hidden> Wed, 22 Jun 2016 16:54:51 +0200
-
openvpn (2.3.11-1ubuntu1) yakkety; urgency=medium
* Merge with Debian unstable. Remaining Ubuntu changes:
- debian/openvpn@.service: Add "--script-security 2" similar to what got
added to debian/openvpn.init.d ages ago (see LP: #260291).
- Demote easy-rsa to Suggests (universe package).
* Drop intrusive changes (showing per-VPN result messages) from
debian/openvpn.init.d. This isn't being used under systemd.
openvpn (2.3.11-1) unstable; urgency=medium
* New upstream release.
* tun.c: patch to fix FTBFS in kfreebsd. (Closes: #815283)
Thanks Steven Chamberlain for the patch.
* README.Debian: Document limits in the service file.
(Closes: #819919, #823621)
* Removed versioned dependency on initscripts. (Closes: #804968)
-- Martin Pitt <email address hidden> Fri, 20 May 2016 17:30:27 +0200
-
openvpn (2.3.10-1ubuntu2) xenial; urgency=medium
* debian/openvpn@.service: Add --script-security similar to what got added
to debian/openvpn.init.d ages ago (see LP #260291). (LP: #1454725)
-- Martin Pitt <email address hidden> Tue, 02 Feb 2016 13:33:39 +0100