This update brings in the latest OpenVPN v2.4.2 release. This release contains fixes for two authenticated remote DoS vulnerabilities (CVE-2017-7478 and CVE-2017-7479).
For more information see the upstream security announcement.
sudo dnf upgrade --refresh --advisory=FEDORA-2017-0d0f18140a
Please login to add feedback.
This update has been submitted for testing by dsommers.
This update has been pushed to testing.
works for me
This update has been submitted for stable by bodhi.
Works for me
This update has been pushed to stable.
This update was prepared before the proper CVE bugzillas were created, but here is the reference to them.
#1450993 - CVE-2017-7478 openvpn: Unauthenticated DoS via large control packets
#1450997 - CVE-2017-7479 openvpn: DoS due to exhaustion of packet-ID counter