Fedora has issued an advisory today (April 5): https://lists.fedoraproject.org/pipermail/package-announce/2016-April/181383.html Updated and patched packages uploaded for Mageia 5 and Cauldron. Advisory: ======================== Updated vtun package fixes security vulnerability: A vulnerability was found in the vtun package. When you send a SIGHUP to a vtun client process and it cannot connect to the remote server, vtun tries to reconnect without sleep between each attempt. In result, the vtun process uses a lot of CPU, and writes to syslog without limit. The vtun package has been updated to version 3.0.3 and patched to fix this issue and other bugs. References: http://vtun.sourceforge.net/ChangeLog https://lists.fedoraproject.org/pipermail/package-announce/2016-April/181383.html ======================== Updated packages in core/updates_testing: ======================== vtun-3.0.3-1.mga5 from vtun-3.0.3-1.mga5.src.rpm
In VirtualBox, M5, KDE, 64-bit Package(s) under test: vtun default install of vtun [root@localhost wilcal]# urpmi vtun Package vtun-3.0.2-10.mga5.x86_64 is already installed Is there a simple way we can use vtun to set up an IP tunnel between two Mageia systems on a LAN. Without it becoming a career thing?
CC: (none) => wilcal.int
Just ensuring it updates cleanly, which it does. Shows post failure when restarting the vtund/vtunc services but the package doesn't provide services by default.
Whiteboard: (none) => mga5-64-ok
Validating. Advisory uploaded.
Keywords: (none) => validated_updateWhiteboard: mga5-64-ok => advisory mga5-64-okCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0146.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
CVE request: http://openwall.com/lists/oss-security/2016/04/26/1