An authenticated client can cause the server's packet-id counter to roll over, which would lead the server process to hit an ASSERT() and stop running.

Upstream fixes:
* openvpn 2.3: https://github.com/OpenVPN/openvpn/commit/b727643cdf
* openvpn 2.4: https://github.com/OpenVPN/openvpn/commit/591a4e574c
* master: https://github.com/OpenVPN/openvpn/commit/e498cb0ea8

External References:
https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits

Acknowledgments:
Name: the OpenVPN project
Upstream: QuarksLab
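
An added illustration of the failure mode described above, not code from OpenVPN or from this bug report: a send-side packet-id counter that wraps to zero, next to a variant that treats exhaustion as a per-session error instead of a process-wide assertion. All names and the 0xFF000000 soft limit are assumptions chosen for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* All names and thresholds below are hypothetical, chosen for illustration. */
#define PID_MAX       UINT32_MAX     /* last usable packet id */
#define PID_REKEY_AT  0xFF000000u    /* assumed soft limit: request fresh keys */

typedef enum { PID_OK, PID_REKEY_SOON, PID_EXHAUSTED } pid_status;

typedef struct { uint32_t next; } pid_counter;  /* per-session send counter */

/* Fragile pattern: increments blindly, so after PID_MAX the id wraps to 0.
 * A daemon that asserts the id is non-zero at this point aborts, and every
 * connected client loses service. Returns the allocated id (0 == wrapped). */
uint32_t pid_alloc_fragile(pid_counter *c)
{
    return ++c->next;
}

/* Hardened pattern: exhaustion is an expected condition reported to the
 * caller, which can rekey or end this one session while the process runs on. */
pid_status pid_alloc_checked(pid_counter *c, uint32_t *out)
{
    if (c->next == PID_MAX)
        return PID_EXHAUSTED;        /* refuse to wrap; *out is left untouched */
    *out = ++c->next;
    return (*out >= PID_REKEY_AT) ? PID_REKEY_SOON : PID_OK;
}

int main(void)
{
    pid_counter c = { PID_MAX - 1 }; /* constructed state: one id before the limit */
    uint32_t id = 0;

    pid_status s = pid_alloc_checked(&c, &id);
    printf("id=%u status=%d\n", (unsigned)id, (int)s);

    s = pid_alloc_checked(&c, &id);
    printf("status=%d (exhausted, process keeps running)\n", (int)s);

    pid_counter f = { PID_MAX };
    printf("fragile id after wrap: %u\n", (unsigned)pid_alloc_fragile(&f));
    return 0;
}
```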

Updated in Fedora/Fedora EPEL:
* F-24: (in progress, will be updated to 2.3.15)
* F-25: https://bodhi.fedoraproject.org/updates/FEDORA-2017-0d0f18140a
* F-26: https://bodhi.fedoraproject.org/updates/FEDORA-2017-89d98779ec
* EL6: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6ee18d1c7b
* EPEL7: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-c9f915d837

Created openvpn tracking bugs for this issue:
Affects: epel-all [bug 1451001]
Affects: fedora-all [bug 1451000]

This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.