You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa openvpn

Sigurnosni nedostatak programskog paketa openvpn

SUSE Security Update: Security update for openvpn
______________________________________________________________________________

Announcement ID: SUSE-SU-2017:1642-1
Rating: important
References: #1044947
Cross-References: CVE-2017-7508
Affected Products:
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Server 11-SP3-LTSS
SUSE Linux Enterprise Point of Sale 11-SP3
SUSE Linux Enterprise Debuginfo 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for openvpn fixes the following issues:

– It was possible to trigger an assertion by sending a malformed IPv6
packet. That issue could have been abused to remotely shutdown an
openvpn server or client, if IPv6 and –mssfix were enabled and if the
IPv6 networks used inside the VPN were known. [bsc#1044947,
CVE-2017-7508]

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server 11-SP4:

zypper in -t patch slessp4-openvpn-13166=1

– SUSE Linux Enterprise Server 11-SP3-LTSS:

zypper in -t patch slessp3-openvpn-13166=1

– SUSE Linux Enterprise Point of Sale 11-SP3:

zypper in -t patch sleposp3-openvpn-13166=1

– SUSE Linux Enterprise Debuginfo 11-SP4:

zypper in -t patch dbgsp4-openvpn-13166=1

– SUSE Linux Enterprise Debuginfo 11-SP3:

zypper in -t patch dbgsp3-openvpn-13166=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

openvpn-2.0.9-143.46.1
openvpn-auth-pam-plugin-2.0.9-143.46.1

– SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):

openvpn-2.0.9-143.46.1
openvpn-auth-pam-plugin-2.0.9-143.46.1

– SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

openvpn-2.0.9-143.46.1
openvpn-auth-pam-plugin-2.0.9-143.46.1

– SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

openvpn-debuginfo-2.0.9-143.46.1
openvpn-debugsource-2.0.9-143.46.1

– SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

openvpn-debuginfo-2.0.9-143.46.1
openvpn-debugsource-2.0.9-143.46.1

References:

https://www.suse.com/security/cve/CVE-2017-7508.html
https://bugzilla.suse.com/1044947


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa openvpn

Otkriveni su sigurnosni nedostaci u programskom paketu openvpn za operacijski sustav SUSE. Otkriveni nedostaci potencijalnim napadačima omogućuju izvođenje DoS napada,...

Close