security update in Fedora 26 for openvpn

Status: stable 2 years ago

This update brings in the latest OpenVPN v2.4.2 release. This release contains fixes for two authenticated remote DoS vulnerabilities (CVE-2017-7478 and CVE-2017-7479). For more information see the upstream security announcement.

This build also switches back to OpenSSL 1.0, using compat-openssl10 and compat-openssl10-pkcs11-helper. This is temporary, until full OpenSSL 1.1 support has arrived in OpenVPN. This should also resolve a lot of issues with features missing or not working properly with mbed TLS.

How to install

sudo dnf upgrade --advisory=FEDORA-2017-89d98779ec

Comments 9

This update has been submitted for testing by dsommers.

It works, MD5 bug fixed

karma: +1 #1443749: +1

This update has been pushed to testing.

Works great! LGTM! =)

karma: +1

works for me in a VM

karma: +1

This update has been submitted for stable by bodhi.

This update has been pushed to stable.

This update was prepared before the proper CVE bugzillas were created, but here is the reference to them.

#1450993 - CVE-2017-7478 openvpn: Unauthenticated DoS via large control packets

#1450997 - CVE-2017-7479 openvpn: DoS due to exhaustion of packet-ID counter

stable threshold: 3
unstable threshold: -1
submitted 2 years ago
in testing 2 years ago
in stable 2 years ago

Related Bugs 4

#1432125 - SELinux is preventing systemd from 'create' accesses on the unix_stream_socket Unknown.
#1440468 - OpenVPN 2.4 in F26 lacks --pkcs12 support when built against mbed TLS
#1443749 - No MD5 support available (karma: +1)
#1443942 - enable the x509-username-field option
