A stack-based buffer overflow flaw was found in the way Tinc, a virtual private network (VPN) daemon that uses tunnelling and encryption to create a secure private network between hosts on the Internet, processed certain TCP packets. A remote, authenticated attacker could send a specially crafted TCP packet that, when processed, would lead to tincd daemon termination (denial of service).
Relevant upstream patch:
This issue affects the versions of the tinc package as shipped with Fedora releases 17 and 18. Please schedule an update.
Created tinc tracking bugs for this issue
Affects: fedora-all [bug 955707]
Sitsec Blog advisory:
tinc-1.0.21-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
tinc-1.0.21-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
tinc-1.0.21-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.