Debian Linux Security Advisory 3900-1 - Several issues were discovered in openvpn, a virtual private network application.
bf8347ff66079df80932f331596ee3113b769a47ba519e3bc4dca3d7a34bc4e6Ubuntu Security Notice 3339-1 - Karthikeyan Bhargavan and Gaetan Leurent discovered that 64-bit block ciphers are vulnerable to a birthday attack. A remote attacker could possibly use this issue to recover cleartext data. Fixing this issue requires a configuration change to switch to a different cipher. This update adds a warning to the log file when a 64-bit block cipher is in use. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. It was discovered that OpenVPN incorrectly handled rollover of packet ids. An authenticated remote attacker could use this issue to cause OpenVPN to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. Various other issues were also addressed.
18a5c77511e3ae26a7bfae4c9431f20c33fd11ad212e06d8a50e2ce03e855ef6Ubuntu Security Notice 3284-1 - It was discovered that OpenVPN improperly triggered an assert when receiving an oversized control packet in some situations. A remote attacker could use this to cause a denial of service. It was discovered that OpenVPN improperly triggered an assert when packet ids rolled over. An authenticated remote attacker could use this to cause a denial of service. Various other issues were also addressed.
d0323cbce6c72f6e323f9f5f4a6bca483302ed4b2d91ef985a627a4d571e8433
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed