SUSE Security Update: Security update for openvpn
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:1622-1
Rating:             important
References:         #1038709 #1038711 #1038713 #995374 
Cross-References:   CVE-2016-6329 CVE-2017-7478 CVE-2017-7479
                   
Affected Products:
                    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
                    SUSE Linux Enterprise Server 12-SP2
                    SUSE Linux Enterprise Desktop 12-SP2
______________________________________________________________________________

   An update that solves three vulnerabilities and has one
   errata is now available.

Description:

   This update for openvpn fixes the following issues:

   - CVE-2016-6329: Show which ciphers should no longer be used in openvpn
     --show-ciphers (bsc#995374)
   - CVE-2017-7478: openvpn: Authenticated user can DoS server by using a big
     payload in P_CONTROL (bsc#1038709)
   - CVE-2017-7479: openvpn: Denial of Service due to Exhaustion of Packet-ID
     counter (bsc#1038711)
   - Hardening measures found by internal audit (bsc#1038713)


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:

      zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-998=1

   - SUSE Linux Enterprise Server 12-SP2:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-998=1

   - SUSE Linux Enterprise Desktop 12-SP2:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-998=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64):

      openvpn-2.3.8-16.14.1
      openvpn-auth-pam-plugin-2.3.8-16.14.1
      openvpn-auth-pam-plugin-debuginfo-2.3.8-16.14.1
      openvpn-debuginfo-2.3.8-16.14.1
      openvpn-debugsource-2.3.8-16.14.1

   - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64):

      openvpn-2.3.8-16.14.1
      openvpn-auth-pam-plugin-2.3.8-16.14.1
      openvpn-auth-pam-plugin-debuginfo-2.3.8-16.14.1
      openvpn-debuginfo-2.3.8-16.14.1
      openvpn-debugsource-2.3.8-16.14.1

   - SUSE Linux Enterprise Desktop 12-SP2 (x86_64):

      openvpn-2.3.8-16.14.1
      openvpn-debuginfo-2.3.8-16.14.1
      openvpn-debugsource-2.3.8-16.14.1


References:

   https://www.suse.com/security/cve/CVE-2016-6329.html
   https://www.suse.com/security/cve/CVE-2017-7478.html
   https://www.suse.com/security/cve/CVE-2017-7479.html
   https://bugzilla.suse.com/1038709
   https://bugzilla.suse.com/1038711
   https://bugzilla.suse.com/1038713
   https://bugzilla.suse.com/995374

SuSE: 2017:1622-1: important: openvpn

June 20, 2017
An update that solves three vulnerabilities and has one An update that solves three vulnerabilities and has one An update that solves three vulnerabilities and has one errata is no...

Summary

This update for openvpn fixes the following issues: - CVE-2016-6329: Show which ciphers should no longer be used in openvpn --show-ciphers (bsc#995374) - CVE-2017-7478: openvpn: Authenticated user can DoS server by using a big payload in P_CONTROL (bsc#1038709) - CVE-2017-7479: openvpn: Denial of Service due to Exhaustion of Packet-ID counter (bsc#1038711) - Hardening measures found by internal audit (bsc#1038713) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-998=1 - SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-998=1 - SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-998=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (aarch64): openvpn-2.3.8-16.14.1 openvpn-auth-pam-plugin-2.3.8-16.14.1 openvpn-auth-pam-plugin-debuginfo-2.3.8-16.14.1 openvpn-debuginfo-2.3.8-16.14.1 openvpn-debugsource-2.3.8-16.14.1 - SUSE Linux Enterprise Server 12-SP2 (aarch64 ppc64le x86_64): openvpn-2.3.8-16.14.1 openvpn-auth-pam-plugin-2.3.8-16.14.1 openvpn-auth-pam-plugin-debuginfo-2.3.8-16.14.1 openvpn-debuginfo-2.3.8-16.14.1 openvpn-debugsource-2.3.8-16.14.1 - SUSE Linux Enterprise Desktop 12-SP2 (x86_64): openvpn-2.3.8-16.14.1 openvpn-debuginfo-2.3.8-16.14.1 openvpn-debugsource-2.3.8-16.14.1

References

#1038709 #1038711 #1038713 #995374

Cross- CVE-2016-6329 CVE-2017-7478 CVE-2017-7479

Affected Products:

SUSE Linux Enterprise Server for Raspberry Pi 12-SP2

SUSE Linux Enterprise Server 12-SP2

SUSE Linux Enterprise Desktop 12-SP2

https://www.suse.com/security/cve/CVE-2016-6329.html

https://www.suse.com/security/cve/CVE-2017-7478.html

https://www.suse.com/security/cve/CVE-2017-7479.html

https://bugzilla.suse.com/1038709

https://bugzilla.suse.com/1038711

https://bugzilla.suse.com/1038713

https://bugzilla.suse.com/995374

Severity
Announcement ID: SUSE-SU-2017:1622-1
Rating: important

Related News

1.Penguin Landscape Esm H320
2 - 3 min read
The recent release of AlmaLinux 9.4 , closely aligned with Red Hat Enterprise Linux (RHEL) 9.4 , presents Linux admins and infosec professionals
11.Locks IsometricPattern Esm H320
2 - 3 min read
The upcoming release of Linux Mint 22 will introduce significant changes, particularly in handling XApp , GNOME applications, and the Software
2.Motherboard Esm H320
2 - 3 min read
German software engineer Lennart Poettering recently presented run0 , a new tool in systemd v256 that aims to address the security concerns
22.Lock ScreenEffect Esm H320
2 - 3 min read
Red Hat recently released its newest enterprise Linux distro, Red Hat Enterprise Linux (RHEL) 9.4 , which introduces several features designed to
8.Locks HexConnections CodeGlobe Esm H320
1 - 2 min read
The latest release of Debian , one of the oldest and most trusted distributions within the Linux ecosystem, redefines security, stability, and
20.Lock AbstractDigital Circular Esm H320
1 - 2 min read
The Ubuntu security team has recently discovered and addressed multiple vulnerabilities in the Apache HTTP Server. The vulnerabilities affected
1.Penguin Landscape Esm H320
1 - 2 min read
A critical vulnerability was discovered in the Linux kernel's netfilter subsystem, specifically within the nf_tables component, posing potential
19.Laptop Bed Esm H320
2 - 3 min read
The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that can enable attackers to execute arbitrary
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved