This update brings in the latest OpenVPN v2.4.2 release. This release contains fixes for two authenticated remote DoS vulnerabilities (CVE-2017-7478 and CVE-2017-7479).
For more information see the upstream security announcement.
Also added a few fixes, related to package and own some run/shared state directories.
Please login to add feedback.
This update has been submitted for testing by dsommers.
dsommers edited this update.
New build(s):
Removed build(s):
Karma has been reset.
This update has been pushed to testing.
Update passes tests within local Puppet runs. New directory locations confirmed.
This update has been submitted for stable by bodhi.
This update was prepared before the proper CVE bugzillas were created, but here is the reference to them.
#1450993 - CVE-2017-7478 openvpn: Unauthenticated DoS via large control packets
#1450997 - CVE-2017-7479 openvpn: DoS due to exhaustion of packet-ID counter
This update has been pushed to stable.