[ubuntu/mantic-security] openvpn 2.6.5-0ubuntu1.1 (Accepted)

[Marc Deslauriers]

openvpn (2.6.5-0ubuntu1.1) mantic-security; urgency=medium

  * SECURITY UPDATE: divide-by-zero via --fragment option
    - debian/patches/CVE-2023-46849.patch: remove saving initial frame code
      in src/openvpn/forward.c, src/openvpn/init.c, src/openvpn/openvpn.h.
    - CVE-2023-46849
  * SECURITY UPDATE: memory disclosure or code exec via use-after-free
    - debian/patches/CVE-2023-46850.patch: fix using to_link buffer after
      freed in src/openvpn/ssl.c.
    - CVE-2023-46850

Date: 2023-11-15 18:39:11.254575+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/openvpn/2.6.5-0ubuntu1.1
-------------- next part --------------
Sorry, changesfile not available.