Debian and Ubuntu have issued advisories on December 1 and December 2:
https://www.debian.org/security/2014/dsa-3084
http://www.ubuntu.com/usn/usn-2430-1/

Patched packages uploaded for Mageia 4 and Cauldron.

We previously updated this in Bug 10125; you may find some helpful information for testing it there.

Advisory:
========================

Updated openvpn packages fix security vulnerability:

Dragana Damjanovic discovered that OpenVPN incorrectly handled certain control channel packets. An authenticated attacker could use this issue to cause an OpenVPN server to crash, resulting in a denial of service (CVE-2014-8104).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8104
http://www.ubuntu.com/usn/usn-2430-1/
========================

Updated packages in core/updates_testing:
========================
openvpn-2.3.2-3.1.mga4
libopenvpn-devel-2.3.2-3.1.mga4

from openvpn-2.3.2-3.1.mga4.src.rpm
Advisory uploaded.
Whiteboard: (none) => has_procedure advisory
Upstream advisory: https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b
Testing MGA4-64 on HP Probook 6555b

Installed without problems.

After copying the sample server.conf and key files from /usr/share/openvpn to /etc/openvpn, I could successfully execute
systemctl restart openvpn@server.service
and
systemctl status openvpn@server.service
gave me the same info as in bug 10125 comment 8.

ps -aux and netstat show vpn running.

However, trying to run the client gives an error "certificate has expired" (unknown territory for me), but I can ping 10.8.0.1 (my own internal network being on 192.168.x.x).

So, AFAICS it seems OK.

CC: (none) => herman.viaene
Whiteboard: has_procedure advisory => has_procedure advisory MGA4-64-OK
Testing mga4 32

I get the same results as Herman. Without regenerating all the certificates, which doesn't seem straightforward to do, I think this shows it is working ok.

Validating.

Please push to updates.

Thanks

Keywords: (none) => validated_update
Whiteboard: has_procedure advisory MGA4-64-OK => has_procedure advisory mga4-32-ok MGA4-64-OK
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2014-0512.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED