MGASA-2017-0372

Source
https://advisories.mageia.org/MGASA-2017-0372.html
Import Source
https://advisories.mageia.org/MGASA-2017-0372.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2017-0372
Published
2017-10-18T20:19:34Z
Modified
2017-12-31T18:17:00Z
Summary
Updated openvpn packages fix security vulnerability
Details

The bounds check in read_key() was performed after using the value, instead of before. If 'key-method 1' is used, this allowed an attacker to send a malformed packet to trigger a stack buffer overflow. Note that 'key-method 1' has been replaced by 'key-method 2' as the default in OpenVPN 2.0 (CVE-2017-12166).

Affected packages

Mageia:5 / openvpn

Package

Name
openvpn
Purl
pkg:rpm/mageia/openvpn?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.3.18-1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / openvpn

Package

Name
openvpn
Purl
pkg:rpm/mageia/openvpn?distro=mageia-6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.4.4-1.mga6

Ecosystem specific

{
    "section": "core"
}