Bug 917272 (CVE-2023-46849, CVE-2023-46850) - <net-vpn/openvpn-2.6.7: Multiple vulnerabilities
Summary: <net-vpn/openvpn-2.6.7: Multiple vulnerabilities
Status: IN_PROGRESS
Alias: CVE-2023-46849, CVE-2023-46850
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa? cleanup]
Keywords:
Depends on: 909376 921375
Blocks:
Reported: 2023-11-13 03:24 UTC by Sam James
Modified: 2024-01-24 09:21 UTC

See Also:
Package list:
Runtime testing required: ---
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-11-13 03:24:21 UTC
From the 2.6.7 release notes:
"""
CVE-2023-46850 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly use a send buffer after it has been free()d in some circumstances, causing some free()d memory to be sent to the peer. All configurations using TLS (e.g. not using --secret) are affected by this issue. (found while tracking down CVE-2023-46849 / Github #400, #417)

CVE-2023-46849 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly restore --fragment configuration in some circumstances, leading to a division by zero when --fragment is used. On platforms where division by zero is fatal, this will cause an OpenVPN crash. (Github #400, #417).
"""
Comment 1 Antonio Quartulli 2023-11-15 09:32:28 UTC
Unfortunately, openvpn-2.6.7 comes with a bug that causes segfaults under some conditions, and people have already reported crashes.
See: https://github.com/OpenVPN/openvpn/issues/449

A mitigation patch can be found in the ticket above or on the official gerrit:
https://gerrit.openvpn.net/c/openvpn/+/426

May I suggest urgently including this patch and pushing out 2.6.7_p1?

Thanks a lot!
Comment 2 rpimonitrbtch 2023-11-19 23:24:54 UTC
Or, since 2.6.8 has been released to address the segfaults, just go with that instead.
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-01-05 07:35:03 UTC
I'm sorry nobody spotted that. Looking now.
Comment 4 Larry the Git Cow gentoo-dev 2024-01-05 07:36:59 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fa82e5ca6c5ccdee72b6c8373491b447f5a86807

commit fa82e5ca6c5ccdee72b6c8373491b447f5a86807
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-01-05 07:36:29 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-01-05 07:36:29 +0000

    net-vpn/openvpn: add 2.6.8
    
    Fixes a critical crash in 2.6.7.
    
    Bug: https://bugs.gentoo.org/917272
    Signed-off-by: Sam James <sam@gentoo.org>

 net-vpn/openvpn/Manifest             |   1 +
 net-vpn/openvpn/openvpn-2.6.8.ebuild | 199 +++++++++++++++++++++++++++++++++++
 net-vpn/openvpn/openvpn-9999.ebuild  |  14 ++-
 3 files changed, 209 insertions(+), 5 deletions(-)