Summary: | <net-vpn/openvpn-2.4.2: multiple vulnerabilities including unauthenticated DoS | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Louis Sautier (sbraz) <sbraz> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | chutzpah, mrueg, security |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://ostif.org/the-openvpn-2-4-0-audit-by-ostif-and-quarkslab-results/ | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | =net-vpn/openvpn-2.4.2-r1 | ||
Runtime testing required: | --- |
Description
Louis Sautier (sbraz)
2017-05-11 15:49:44 UTC
Removed all vulnerable versions except current stable. Added fixed versions 2.3.15 and 2.4.2

Maintainer(s), Thank you for your work. Closing - noglsa

I think there's been a mistake here. This bug was closed, although the current stable version (2.3.12) is still vulnerable to most of these issues. It seems stabilization was forgotten.

Correct, arches please stabilize 2.4.2

Keywords for net-vpn/openvpn:
         |                                 |   u   |
         | a a         p s   a     n r     |   n   |
         | l m   h i   p p   r m m i i s   | e u s | r
         | p d a p a p c a x m i 6 o s 3   | a s l | e
         | h 6 r p 6 p 6 r 8 6 p 8 s c 9 s | p e o | p
         | a 4 m a 4 c 4 c 6 4 s k 2 v 0 h | i d t | o
---------+---------------------------------+-------+-------
  2.3.12 | + + + + + + + + + o ~ o o o ~ ~ | 5 o 0 | gentoo
  2.3.15 | ~ ~ ~ ~ ~ ~ ~ ~ ~ o ~ o o o ~ ~ | 6 #   | gentoo
[I]2.4.2 | ~ ~ ~ ~ ~ ~ ~ ~ ~ o ~ o o o ~ ~ | 6 o   | gentoo
    9999 | o o o o o o o o o o o o o o o o | 6 o   | gentoo

Stable on alpha.

Stable for HPPA.

amd64 stable

x86 stable

Stable on macOS x64 (see https://github.com/gentoo/gentoo/pull/4636).

ppc64 stable

ppc stable.

Hanno, thank you for catching that. My fault.

sparc stable

openvpn-2.4.2 does not start for me.

[ebuild R ] net-vpn/openvpn-2.4.2::gentoo USE="examples lzo pam plugins ssl -down-root -inotify -iproute2 (-libressl) -lz4 -mbedtls -pkcs11 (-polarssl) (-selinux) -static -systemd {-test}" 0 KiB

When trying to start...

/etc/init.d/openvpn start
 * Caching service dependencies ... [ ok ]
 * Starting openvpn ...
 * start-stop-daemon: failed to start `/usr/sbin/openvpn'
 * Check your logs to see why startup failed [ !! ]
 * ERROR: openvpn failed to start

Nothing in my logs. Rolling back to openvpn-2.3.15, I can again start the service.

(In reply to lou from comment #14)
> openvpn-2.4.2 does not start for me.

Please file a new bug.

arm stable

ia64 stable.

Maintainer(s), please cleanup. Security, please vote.

GLSA Vote: No

Tree is clean.