Summary: | <net-vpn/openvpn-2.6.7: Multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | IN_PROGRESS --- | ||
Severity: | major | CC: | a, chutzpah, williamh |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: |
https://github.com/OpenVPN/openvpn/issues/449 https://gerrit.openvpn.net/c/openvpn/+/426 |
||
Whiteboard: | B2 [glsa? cleanup] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 909376, 921375 | ||
Bug Blocks: |
Description
Sam James
2023-11-13 03:24:21 UTC
Unfortunately openvpn-2.6.7 comes with a bug that causes segfaults under some conditions and people have already reported crashes. See: https://github.com/OpenVPN/openvpn/issues/449 A mitigation patch can be found in the ticket above or on the official gerrit: https://gerrit.openvpn.net/c/openvpn/+/426 May I suggest to urgently include this patch and push out 2.6.7_p1 ? Thanks a lot! Or, since 2.6.8 has been released to address the segfaults, just go with that instead. I'm sorry nobody spotted that. Looking now. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fa82e5ca6c5ccdee72b6c8373491b447f5a86807 commit fa82e5ca6c5ccdee72b6c8373491b447f5a86807 Author: Sam James <sam@gentoo.org> AuthorDate: 2024-01-05 07:36:29 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2024-01-05 07:36:29 +0000 net-vpn/openvpn: add 2.6.8 Fixes a critical crash in 2.6.7. Bug: https://bugs.gentoo.org/917272 Signed-off-by: Sam James <sam@gentoo.org> net-vpn/openvpn/Manifest | 1 + net-vpn/openvpn/openvpn-2.6.8.ebuild | 199 +++++++++++++++++++++++++++++++++++ net-vpn/openvpn/openvpn-9999.ebuild | 14 ++- 3 files changed, 209 insertions(+), 5 deletions(-) |