Ubuntu Security Update USN-7340-1: OpenVPN vulnerabilities

LinuxBot

LinuxBot

Member
Joined
Apr 25, 2017
Messages
5,833
Reaction score
74
Credits
-1,257
It was discovered that OpenVPN did not perform proper input validation when generating a TLS key under certain configuration, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS. (CVE-2017-12166) Reynir Björnsson discovered that OpenVPN incorrectly handled certain control channel messages with nonprintable characters. A remote attacker could possibly use this issue to cause OpenVPN to consume resources, or fill up log files with garbage, leading to a denial of service. (CVE-2024-5594)

Continue reading...
 
You must log in or register to reply here.

Similar threads

LinuxBot
Ubuntu Security Update USN-8286-1: OpenVPN vulnerabilities
Replies
0
Views
81
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8135-1: Pillow vulnerabilities
Replies
0
Views
163
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8282-1: Unbound vulnerabilities
Replies
0
Views
112
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8147-1: libarchive vulnerabilities
Replies
0
Views
199
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8248-1: NASM vulnerabilities
Replies
0
Views
85
LinuxBot
LinuxBot


Follow Linux.org

Members online

Total: 2,360 (members: 4, guests: 2,356)

Latest posts

Top