An authenticated client can cause the server's the packet-id counter to roll over, which would lead the server process to hit an ASSERT() and stop running.
openvpn 2.3: https://github.com/OpenVPN/openvpn/commit/b727643cdf
openvpn 2.4: https://github.com/OpenVPN/openvpn/commit/591a4e574c
Name: the OpenVPN project
Updated in Fedora/Fedora EPEL:
* F-24: (in progress, will be updated to 2.3.15)
* F-25: https://bodhi.fedoraproject.org/updates/FEDORA-2017-0d0f18140a
* F-26: https://bodhi.fedoraproject.org/updates/FEDORA-2017-89d98779ec
* EL6: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6ee18d1c7b
* EPEL7: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-c9f915d837
Created openvpn tracking bugs for this issue:
Affects: epel-all [bug 1451001]
Affects: fedora-all [bug 1451000]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.