Fedora has issued an advisory today (August 26): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IIPSFOGSRZ5PCY7HRYCDJADE4DTIBMML/ Updated packages uploaded for Mageia 5 and Cauldron. Advisory: ======================== Updated openvpn packages fix security vulnerability: Ciphers with 64-bit block sizes used in CBC mode were found to be vulnerable to birthday attack when key renegotiation doesn't happen frequently or at all in long running connections. Blowfish cipher as used in OpenVPN by default is vulnerable to this attack, that allows remote attacker to recover partial plaintext information (XOR of two plaintext blocks) (CVE-2016-6329). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6329 https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IIPSFOGSRZ5PCY7HRYCDJADE4DTIBMML/ ======================== Updated packages in core/updates_testing: ======================== openvpn-2.3.12-1.mga5 libopenvpn-devel-2.3.12-1.mga5 from openvpn-2.3.12-1.mga5.src.rpm
Testing ideas in Bug 17418.
Whiteboard: (none) => has_procedure
Tested using procedure from bug 10125
Keywords: (none) => validated_updateWhiteboard: has_procedure => has_procedure advisory MGA5-32-OKCC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0304.html
Status: NEW => RESOLVEDResolution: (none) => FIXED