Security Information / 2017 / Security Information -- DSA-3900-1 openvpn

Debian Security Advisory

DSA-3900-1 openvpn -- security update

Date Reported:

27 Jun 2017

Affected Packages:

openvpn

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 865480.
In Mitre's CVE dictionary: CVE-2017-7479, CVE-2017-7508, CVE-2017-7520, CVE-2017-7521.

More information:

Several issues were discovered in openvpn, a virtual private network application.

• CVE-2017-7479

  It was discovered that openvpn did not properly handle the rollover of packet identifiers. This would allow an authenticated remote attacker to cause a denial-of-service via application crash.

• CVE-2017-7508

  Guido Vranken discovered that openvpn did not properly handle specific malformed IPv6 packets. This would allow a remote attacker to cause a denial-of-service via application crash.

• CVE-2017-7520

  Guido Vranken discovered that openvpn did not properly handle clients connecting to an HTTP proxy with NTLMv2 authentication. This would allow a remote attacker to cause a denial-of-service via application crash, or potentially leak sensitive information like the user's proxy password.

• CVE-2017-7521

  Guido Vranken discovered that openvpn did not properly handle some x509 extensions. This would allow a remote attacker to cause a denial-of-service via application crash.

For the oldstable distribution (jessie), these problems have been fixed in version 2.3.4-5+deb8u2.

For the stable distribution (stretch), these problems have been fixed in version 2.4.0-6+deb9u1.

For the testing distribution (buster), these problems have been fixed in version 2.4.3-1.

For the unstable distribution (sid), these problems have been fixed in version 2.4.3-1.

We recommend that you upgrade your openvpn packages.