MGASA-2017-0152

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2017-0152.html

Import Source

https://advisories.mageia.org/MGASA-2017-0152.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2017-0152

Related

Published

2017-06-01T21:25:58Z

Modified

2017-06-01T19:35:44Z

Summary

Updated openvpn packages fix security vulnerability

Details

It was discovered that OpenVPN improperly triggered an assert when receiving an oversized control packet in some situations. A remote attacker could use this to cause a denial of service (server or client crash) (CVE-2017-7478).

It was discovered that OpenVPN improperly triggered an assert when packet ids rolled over. An authenticated remote attacker could use this to cause a denial of service (application crash) (CVE-2017-7479).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / openvpn

Package

Name: openvpn
Purl: pkg:rpm/mageia/openvpn?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.3.16-1.mga5

Ecosystem specific

{
    "section": "core"
}