AVG-271 log

Package	openvpn
Status	Fixed
Severity	High
Type	denial of service
Affected	2.4.1-2
Fixed	2.4.2-1
Current	2.6.12-2 [extra]
Ticket	None
Created	Thu May 11 16:20:31 2017

Issue	Severity	Remote	Type	Description
CVE-2017-7479	Medium	Yes	Denial of service	A security issue has been found in OpenVPN <= 2.4.1 where an authenticated attacker can crash a server using an AEAD mode cipher by sending crafted data to...
CVE-2017-7478	High	Yes	Denial of service	A security issue has been found in OpenVPN <= 2.4.1 where an unauthenticated attacker can send a packet with an unexpected payload size during SSL...

Issue

Severity

Remote

Type

Description

CVE-2017-7479

Medium

Yes

Denial of service

A security issue has been found in OpenVPN <= 2.4.1 where an authenticated attacker can crash a server using an AEAD mode cipher by sending crafted data to...

CVE-2017-7478

High

Yes

Denial of service

A security issue has been found in OpenVPN <= 2.4.1 where an unauthenticated attacker can send a packet with an unexpected payload size during SSL...

Date	Advisory	Package	Type
13 May 2017	ASA-201705-16	openvpn	denial of service

References
https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits https://ostif.org/the-openvpn-2-4-0-audit-by-ostif-and-quarkslab-results/ http://blog.quarkslab.com/security-assessment-of-openvpn.html

References

https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits
https://ostif.org/the-openvpn-2-4-0-audit-by-ostif-and-quarkslab-results/
http://blog.quarkslab.com/security-assessment-of-openvpn.html