Bug 582902 - <net-misc/openvpn-2.3.11: two vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa ]
Keywords:
Depends on:
Blocks:
 
Reported: 2016-05-13 10:14 UTC by Jeroen Roovers (RETIRED)
Modified: 2016-11-01 13:26 UTC

See Also:
Package list:
Runtime testing required: ---


Description Jeroen Roovers (RETIRED) gentoo-dev 2016-05-13 10:14:59 UTC
https://openvpn.net/index.php/open-source/downloads.html

OpenVPN 2.3.11 -- released on 2016.05.10 (Change Log[1])

This release fixes two vulnerabilities: a port-share bug with DoS potential and a buffer overflow by user supplied data when using pam authentication. In addition a number of small fixes and improvements are included. A full list of changes is available here.

[1] https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23

James Yonan (1):
      Fixed port-share bug with DoS potential

Jens Neuhalfen (2):
      Make intent of utun device name validation clear
      Fix buffer overflow by user supplied data
Comment 1 Manuel Rüger (RETIRED) gentoo-dev 2016-05-13 21:47:44 UTC
commit 608825b4ea83ee825771131d8414c9877d6d93a5
Author: Manuel Rüger <mrueg@gentoo.org>
Date:   Fri May 13 23:34:31 2016 +0200

    net-misc/openvpn: Security bump to 2.3.11, Check kernel options
    
    Gentoo-Bug: #582902
    Gentoo-Bug: #582208
    
    Package-Manager: portage-2.2.28



amd64 arm hppa ppc64 x86 alpha ia64 ppc sparc:

Please stabilize 2.3.11
Comment 2 Agostino Sarubbo gentoo-dev 2016-05-14 22:23:03 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2016-05-14 22:24:43 UTC
x86 stable
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2016-05-17 05:17:58 UTC
Stable for PPC64.
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2016-05-18 08:56:24 UTC
Stable for HPPA.
Comment 6 Markus Meier gentoo-dev 2016-05-19 19:14:38 UTC
arm stable
Comment 7 Tobias Klausmann (RETIRED) gentoo-dev 2016-05-20 20:08:29 UTC
Stable on alpha.
Comment 8 Agostino Sarubbo gentoo-dev 2016-07-08 07:58:08 UTC
ppc stable
Comment 9 Agostino Sarubbo gentoo-dev 2016-07-08 10:06:40 UTC
sparc stable
Comment 10 Agostino Sarubbo gentoo-dev 2016-07-08 12:06:02 UTC
ia64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 11 Yury German Gentoo Infrastructure gentoo-dev 2016-09-10 00:37:27 UTC
Arches and Maintainer(s), Thank you for your work.
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2016-11-01 13:26:36 UTC
This issue was resolved and addressed in GLSA 201611-02 at https://security.gentoo.org/glsa/201611-02 by GLSA coordinator Aaron Bauman (b-man).