FEDORA-2017-89d98779ec created by dsommers 3 years ago for Fedora 26
stable

This update brings in the latest OpenVPN v2.4.2 release. This release contains fixes for two authenticated remote DoS vulnerabilities (CVE-2017-7478 and CVE-2017-7479). For more information see the upstream security announcement.

This build also switches back to OpenSSL 1.0, using compat-openssl10 and compat-openssl10-pkcs11-helper. This is temporarily until full OpenSSL 1.1 support have arrived OpenVPN. This should also resolve a lot of issues with features missing or not working properly with mbed TLS.

How to install

sudo dnf upgrade --advisory=FEDORA-2017-89d98779ec

This update has been submitted for testing by dsommers.

3 years ago
User Icon renault commented & provided feedback 3 years ago
karma

It works, MD5 bug fixed

BZ#1443749 No MD5 support available

This update has been pushed to testing.

3 years ago
User Icon besser82 commented & provided feedback 3 years ago
karma

Works great! LGTM! =)

User Icon cserpentis commented & provided feedback 3 years ago
karma

works for me in a VM

This update has been submitted for stable by bodhi.

3 years ago
User Icon anonymous commented & provided feedback 3 years ago

Work for me

This update has been pushed to stable.

3 years ago
User Icon dsommers commented & provided feedback 3 years ago

This update was prepared before the proper CVE bugzillas were created, but here is the reference to them.

#1450993 - CVE-2017-7478 openvpn: Unauthenticated DoS via large control packets

#1450997 - CVE-2017-7479 openvpn: DoS due to exhaustion of packet-ID counter


Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
3
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-1
Stable by Karma
3
Dates
submitted
3 years ago
in testing
3 years ago
in stable
3 years ago
BZ#1432125 SELinux is preventing systemd from 'create' accesses on the unix_stream_socket Unknown.
0
0
BZ#1440468 OpenVPN 2.4 in F26 lacks --pkcs12 support when built against mbed TLS
0
0
BZ#1443749 No MD5 support available
0
1
BZ#1443942 enable the x509-username-field option
0
0

Automated Test Results