531526 – <net-misc/openvpn-2.3.6 Denial of Service Vulnerability CVE-2014-8104

Bug 531526 - <net-misc/openvpn-2.3.6 Denial of Service Vulnerability CVE-2014-8104

Summary: <net-misc/openvpn-2.3.6 Denial of Service Vulnerability CVE-2014-8104

Status:	RESOLVED DUPLICATE of bug 531308

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2014-12-03 11:48 UTC by Daniel "Fremen" Llewellyn
Modified:	2014-12-03 12:43 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Daniel "Fremen" Llewellyn 2014-12-03 11:48:50 UTC

OpenVPN upstream released version 2.3.6 on December 1st. It appears this version is already in the portage tree, yet there hasn't been an appropriate GLSA raised for CVE-2014-8104 which this release fixes. The vulnerable code has been in all openvpn 2.x since 2005 and potentially before that. I feel that a GLSA should be raised for <net-misc/openvpn-2.3.6 to encourage all installations to update to the fixed version.

Ref: https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b

Comment 1 Jeroen Roovers (RETIRED) gentoo-dev

2014-12-03 12:43:25 UTC


*** This bug has been marked as a duplicate of bug 531308 ***