FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OpenVPN -- several vulnerabilities

Affected packages
openvpn < 2.3.17
2.4.0 <= openvpn < 2.4.3
openvpn-mbedtls < 2.4.3
openvpn-polarssl < 2.3.17

Details

VuXML ID 9f65d382-56a4-11e7-83e3-080027ef73ec
Discovery 2017-05-19
Entry 2017-06-21

Samuli Seppänen reports:

In May/June 2017 Guido Vranken threw a fuzzer at OpenVPN 2.4.2. In the process he found several vulnerabilities and reported them to the OpenVPN project. [...] The first releases to have these fixes are OpenVPN 2.4.3 and 2.3.17.

This is a list of fixed important vulnerabilities:

References

CVE Name CVE-2017-7508
CVE Name CVE-2017-7512
CVE Name CVE-2017-7520
CVE Name CVE-2017-7521
CVE Name CVE-2017-7522
URL https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243