OpenVPN 2.4.6 David Sommerseth (1): management: Warn if TCP port is used without password Gert Doering (3): Correct version in ChangeLog - should be 2.4.5, was mistyped as 2.4.4 Fix potential double-free() in Interactive Service (CVE-2018-9336) preparing release v2.4.6 (ChangeLog, version.m4, Changes.rst) Gert van Dijk (1): manpage: improve description of --status and --status-version Joost Rijneveld (1): Make return code external tls key match docs Selva Nair (3): Delete the IPv6 route to the "connected" network on tun close Management: warn about password only when the option is in use Avoid overflow in wakeup time computation Simon Matter (1): Add missing #ifdef SSL_OP_NO_TLSv1_1/2 Steffan Karger (1): Check for more data in control channel 1) Double free memory error Description The vulnerability allows a remote attacker to cause DoS condition on the target system. The weakness exists due to double-free memory error in Interactive Service. A remote attacker can trigger memory corruption and cause the service to crash. Remediation Update to version 2.4.6. External links https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24
commit c5f422c9b6e6bd7a823d2d493cb9ffdb560413bc Author: Manuel Rüger <mrueg@gentoo.org> Date: Sat May 26 03:18:27 2018 +0200 net-vpn/openvpn: Version bump to 2.4.6 Package-Manager: Portage-2.3.40, Repoman-2.3.9
Arches please stabilize 2.4.6
No stable keywords for arm64, nothing to do..
An automated check of this bug failed - the following atom is unknown: net-misc/openvpn-2.4.6 Please verify the atom list.
An automated check of this bug succeeded - the previous repoman errors are now resolved.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3124319a6ff946ebdb7ab54404a64220455c919e commit 3124319a6ff946ebdb7ab54404a64220455c919e Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2018-06-03 10:12:15 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-06-03 10:12:30 +0000 net-vpn/openvpn: stable 2.4.6 for ia64, bug #654028 Bug: https://bugs.gentoo.org/654028 Package-Manager: Portage-2.3.38, Repoman-2.3.9 RepoMan-Options: --include-arches="ia64" net-vpn/openvpn/openvpn-2.4.6.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
amd64 stable
x86 stable
arm stable
Stable on alpha.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=59266341d1325d280d04e3f091f2e0faf30701bd commit 59266341d1325d280d04e3f091f2e0faf30701bd Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2018-06-24 17:31:28 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-06-24 19:35:15 +0000 net-vpn/openvpn: stable 2.4.6 for ppc, bug #654028 Bug: https://bugs.gentoo.org/654028 Package-Manager: Portage-2.3.40, Repoman-2.3.9 RepoMan-Options: --include-arches="ppc" net-vpn/openvpn/openvpn-2.4.6.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c4bb8db052ade32f84d571f20876cb74567e871b commit c4bb8db052ade32f84d571f20876cb74567e871b Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2018-06-24 19:48:23 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-06-24 20:20:23 +0000 net-vpn/openvpn: stable 2.4.6 for ppc64, bug #654028 Bug: https://bugs.gentoo.org/654028 Package-Manager: Portage-2.3.40, Repoman-2.3.9 RepoMan-Options: --include-arches="ppc64" net-vpn/openvpn/openvpn-2.4.6.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
@maintainers, please clean vulnerable.
tree is clean