- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: LSU
SUSE Security Update: Security update for openvpn
______________________________________________________________________________
Announcement ID: SUSE-SU-2017:1642-1
Rating: important
References: #1044947
Cross-References: CVE-2017-7508
Affected Products:
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Server 11-SP3-LTSS
SUSE Linux Enterprise Point of Sale 11-SP3
SUSE Linux Enterprise Debuginfo 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for openvpn fixes the following issues:
– It was possible to trigger an assertion by sending a malformed IPv6
packet. That issue could have been abused to remotely shutdown an
openvpn server or client, if IPv6 and –mssfix were enabled and if the
IPv6 networks used inside the VPN were known. [bsc#1044947,
CVE-2017-7508]
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
– SUSE Linux Enterprise Server 11-SP4:
zypper in -t patch slessp4-openvpn-13166=1
– SUSE Linux Enterprise Server 11-SP3-LTSS:
zypper in -t patch slessp3-openvpn-13166=1
– SUSE Linux Enterprise Point of Sale 11-SP3:
zypper in -t patch sleposp3-openvpn-13166=1
– SUSE Linux Enterprise Debuginfo 11-SP4:
zypper in -t patch dbgsp4-openvpn-13166=1
– SUSE Linux Enterprise Debuginfo 11-SP3:
zypper in -t patch dbgsp3-openvpn-13166=1
To bring your system up-to-date, use “zypper patch”.
Package List:
– SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):
openvpn-2.0.9-143.46.1
openvpn-auth-pam-plugin-2.0.9-143.46.1
– SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):
openvpn-2.0.9-143.46.1
openvpn-auth-pam-plugin-2.0.9-143.46.1
– SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
openvpn-2.0.9-143.46.1
openvpn-auth-pam-plugin-2.0.9-143.46.1
– SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):
openvpn-debuginfo-2.0.9-143.46.1
openvpn-debugsource-2.0.9-143.46.1
– SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
openvpn-debuginfo-2.0.9-143.46.1
openvpn-debugsource-2.0.9-143.46.1
References:
https://www.suse.com/security/cve/CVE-2017-7508.html
https://bugzilla.suse.com/1044947
—
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
| Autor | Vlatka Misic |
| Cert id | NCERT-REF-2017-06-0012-ADV |
| Cve | CERT-CVE-DUMMY |
| ID izvornika | CERT-ORIGID-DUMMY |
| Proizvod | CERT-DUMMY-PRODUCT |
| Izvor | http://www.adobe.com/ |
