This update brings in the latest OpenVPN v2.4.2 release. This release contains fixes for two authenticated remote DoS vulnerabilities (CVE-2017-7478 and CVE-2017-7479). For more information see the upstream security announcement.
In addition the plug-in location which got removed by an accident during the clean-up is also back again.
Please login to add feedback.
This update has been submitted for testing by dsommers.
This update has been pushed to testing.
Working on CentOS 6 as planned.
karma: +1
This update was prepared before the proper CVE bugzillas were created, but here is the reference to them.
#1450993 - CVE-2017-7478 openvpn: Unauthenticated DoS via large control packets
#1450997 - CVE-2017-7479 openvpn: DoS due to exhaustion of packet-ID counter
This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes
This update has been obsoleted by openvpn-2.4.3-1.el6.