https://openvpn.net/index.php/open-source/downloads.html OpenVPN 2.3.11-- released on 2016.05.10 (Change Log[1]) This release fixes two vulnerabilities: a port-share bug with DoS potential and a buffer overflow by user supplied data when using pam authentication. In addition a number of small fixes and improvements are included. A full list of changes is available here. [1] https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23 James Yonan (1): Fixed port-share bug with DoS potential Jens Neuhalfen (2): Make intent of utun device name validation clear Fix buffer overflow by user supplied data
commit 608825b4ea83ee825771131d8414c9877d6d93a5 Author: Manuel Rüger <mrueg@gentoo.org> Date: Fri May 13 23:34:31 2016 +0200 net-misc/openvpn: Security bump to 2.3.11, Check kernel options Gentoo-Bug: #582902 Gentoo-Bug: #582208 Package-Manager: portage-2.2.28 amd64 arm hppa ppc64 x86 alpha ia64 ppc sparc: Please stabilize 2.3.11
amd64 stable
x86 stable
Stable for PPC64.
Stable for HPPA.
arm stable
Stable on alpha.
ppc stable
sparc stable
ia64 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
Arches and Maintainer(s), Thank you for your work.
This issue was resolved and addressed in GLSA 201611-02 at https://security.gentoo.org/glsa/201611-02 by GLSA coordinator Aaron Bauman (b-man).