This update brings in the latest OpenVPN v2.4.2 release. This release contains fixes for two authenticated remote DoS vulnerabilities (CVE-2017-7478 and CVE-2017-7479). For more information see the upstream security announcement.
This build also switches back to OpenSSL 1.0, using compat-openssl10 and compat-openssl10-pkcs11-helper. This is temporary, until full OpenSSL 1.1 support has arrived in OpenVPN. This should also resolve a lot of issues with features missing or not working properly with mbed TLS.
sudo dnf upgrade --refresh --advisory=FEDORA-2017-89d98779ec
This update has been submitted for testing by dsommers.
It works, MD5 bug fixed
This update has been pushed to testing.
Works great! LGTM! =)
works for me in a VM
This update has been submitted for stable by bodhi.
Works for me
This update has been pushed to stable.
This update was prepared before the proper CVE bugzillas were created, but here is the reference to them.
#1450993 - CVE-2017-7478 openvpn: Unauthenticated DoS via large control packets
#1450997 - CVE-2017-7479 openvpn: DoS due to exhaustion of packet-ID counter