SUSE has issued an advisory today (July 5): http://lists.suse.com/pipermail/sle-security-updates/2018-July/004246.html The SUSE bug has a link to the upstream commit that fixed the issue: https://bugzilla.suse.com/show_bug.cgi?id=1090839 Mageia 6 is also affected.
Whiteboard: (none) => MGA6TOO
Assigning to the registered maintainer.
CC: (none) => marja11Assignee: bugsquad => bruno
Seems 2.4.6 has the fix already in (in file src/openvpnserv/interactive.c) So updating cauldron to it.
Status: NEW => ASSIGNED
Patch modified and applied to 2.4.4 for MGA6
Assignee: bruno => qa-bugs
Thanks Bruno. Make sure you leave yourself CC'd when you assign to QA. You forgot to add a subrel, so I just fixed that. Advisory: ======================== Updated openvpn packages fix security vulnerability: Fix potential double-free() in Interactive Service could lead to denial of service (CVE-2018-9336). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9336 http://lists.suse.com/pipermail/sle-security-updates/2018-July/004246.html ======================== Updated packages in core/updates_testing: ======================== openvpn-2.4.4-1.1.mga6 libopenvpn-devel-2.4.4-1.1.mga6 from openvpn-2.4.4-1.1.mga6.src.rpm
CC: (none) => brunoVersion: Cauldron => 6Whiteboard: MGA6TOO => (none)
openSUSE has issued an advisory for this on July 7: https://lists.opensuse.org/opensuse-updates/2018-07/msg00017.html
uname -a Linux localhost 4.14.50-desktop-2.mga6 #1 SMP Mon Jun 18 13:19:12 UTC 2018 i686 i686 i686 GNU/Linux # openvpn --genkey --secret key # openvpn --test-crypto --secret key > crpt.test --- the output from the file Sat Jul 28 09:19:44 2018 disabling NCP mode (--ncp-disable) because not in P2MP client or server mode Sat Jul 28 09:19:44 2018 OpenVPN 2.4.4 i586-mageia-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jul 7 2018 Sat Jul 28 09:19:44 2018 library versions: OpenSSL 1.0.2o 27 Mar 2018, LZO 2.09 Sat Jul 28 09:19:44 2018 OpenVPN 2.4.4 i586-mageia-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jul 7 2018 Sat Jul 28 09:19:44 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Sat Jul 28 09:19:44 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Sat Jul 28 09:19:44 2018 Entering OpenVPN crypto self-test mode. Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=1 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=2 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=3 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=4 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=5 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=6 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=7 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=8 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=9 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=10 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=11 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=12 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=13 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=14 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=15 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=16 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=17 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=18 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=19 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=20 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=21 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=22 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=23 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=24 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=25 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=26 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=27 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=28 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=29 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=30 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=31 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=32 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=33 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=34 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=35 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=36 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=37 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=38 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=39 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=40 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=41 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=42 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=43 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=44 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=45 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=46 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=47 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=48 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=49 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=50 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=51 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=52 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=53 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=54 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=55 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=56 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=57 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=58 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=59 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=60 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=61 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=62 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=63 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=64 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=65 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=66 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=67 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=68 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=69 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=70 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=71 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=72 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=73 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=74 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=75 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=76 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=77 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=78 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=79 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=80 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=81 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=82 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=83 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=84 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=85 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=86 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=87 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=88 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=89 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=90 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=91 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=92 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=93 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=94 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=95 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=96 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=97 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=98 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=99 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=100 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=101 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=102 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=103 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=104 -- more stuff in the middle Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=1488 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=1489 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=1490 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=1491 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=1492 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=1493 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=1494 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=1495 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=1496 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=1497 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=1498 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=1499 Sat Jul 28 09:19:44 2018 TESTING ENCRYPT/DECRYPT of packet length=1500 Sat Jul 28 09:19:44 2018 OpenVPN crypto self-test mode SUCCEEDED. edited the sample config files for loopback server # vi /usr/share/openvpn/sample-config-files/loopback-server the following items had to be edited. dh /usr/share/openvpn/sample-keys/dh2048.pem ca /usr/share/openvpn/sample-keys/ca.crt key /usr/share/openvpn/sample-keys/server.key cert /usr/share/openvpn/sample-keys/server.crt tls-auth /usr/share/openvpn/sample-keys/ta.key 0 ran loopback server # openvpn --config /usr/share/openvpn/sample-config-files/loopback-server you'll see a bunch of text scroll by then it'll wait for a ping. ---- Next I edit the client-loopback file.. vi /usr/share/openvpn/sample-config-files/loopback-client the following items in the file had to be edited ca /usr/share/openvpn/sample-keys/ca.crt key /usr/share/openvpn/sample-keys/client.key cert /usr/share/openvpn/sample-keys/client.crt tls-auth /usr/share/openvpn/sample-keys/ta.key 1 ---- Next I run the server and client sessions # openvpn --config /usr/share/openvpn/sample-config-files/loopback-server > srvr.txt # openvpn --config /usr/share/openvpn/sample-config-files/loopback-client > client You can leave the two chat for awhile. You'll see the files grow as they communicate with each other Working as designed. --> I'll attach the outputs
CC: (none) => brtians1
Created attachment 10296 [details] output from server execute
Created attachment 10297 [details] output from client execute
Whiteboard: (none) => MGA6-32-OK
mga6-64 The following 3 packages are going to be installed: - libobjc4-5.5.0-1.mga6.x86_64 - openvpn-2.4.4-1.1.mga6.x86_64 - perl-Authen-PAM-0.160.0-16.mga6.x86_64 2.2MB of additional disk space will be used. 783KB of packages will be retrieved. followed the same configurations and execution. Successful
Whiteboard: MGA6-32-OK => MGA6-32-OK MGA6-64-OK
@Brian. Validating this even though there is no asterisk for the advisory. We have been bending the rules for some time just to trim down the list of things yet to be tested. Your tests are definitive - great work. Thanks.
CC: (none) => tarazed25
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
CC: (none) => tmbKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0329.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED