AVG-319 log

Package openvpn
Status Not affected
Severity Medium
Type denial of service
Affected 2.4.2-1
Fixed 2.4.3-1
Current 2.5.8-2 [extra]
Ticket None
Created Thu Jun 22 12:12:46 2017
Issue Severity Remote Type Description
CVE-2017-7522 Medium Yes Denial of service
A post-authentication remote DoS has been found in OpenVPN >= 2.4 and < 2.4.3, allowing a client to crash a server by sending a crafted certificate with an...
References
https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
https://guidovranken.wordpress.com/2017/06/21/the-openvpn-post-audit-bug-bonanza/
Notes
Not impacted by CVE-2017-7522 because we don't build openvpn against mbed.