[ubuntu/artful-proposed] openvpn 2.4.0-5ubuntu2 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Thu Jun 22 18:37:17 UTC 2017


openvpn (2.4.0-5ubuntu2) artful; urgency=medium

  * SECURITY UPDATE: Remotely-triggerable ASSERT() on malformed IPv6 packet
    - debian/patches/CVE-2017-7508.patch: remove assert in
      src/openvpn/mss.c.
    - CVE-2017-7508
  * SECURITY UPDATE: Remote-triggerable memory leaks
    - debian/patches/CVE-2017-7512.patch: fix leaks in
      src/openvpn/ssl_verify_openssl.c.
    - CVE-2017-7512
  * SECURITY UPDATE: Pre-authentication remote crash/information disclosure
    for clients
    - debian/patches/CVE-2017-7520.patch: prevent two kinds of stack buffer
      OOB reads and a crash for invalid input data in src/openvpn/ntlm.c.
    - CVE-2017-7520
  * SECURITY UPDATE: Potential double-free in --x509-alt-username and
    memory leaks
    - debian/patches/CVE-2017-7521.patch: fix double-free in
      src/openvpn/ssl_verify_openssl.c.
    - CVE-2017-7521
  * SECURITY UPDATE: DoS in establish_http_proxy_passthru()
    - debian/patches/establish_http_proxy_passthru_dos.patch: fix
      null-pointer dereference in src/openvpn/proxy.c.
    - No CVE number

Date: Thu, 22 Jun 2017 14:10:56 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/openvpn/2.4.0-5ubuntu2

Format: 1.8
Date: Thu, 22 Jun 2017 14:10:56 -0400
Source: openvpn
Binary: openvpn
Architecture: source
Version: 2.4.0-5ubuntu2
Distribution: artful
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 openvpn    - virtual private network daemon
Original-Maintainer: Alberto Gonzalez Iniesta <agi at inittab.org>


