VDB

GCVE-110-MAGEIA-2016-10

GCVE-110-MAGEIA-2016-10
Advisory Published
Vulnetix · Advisory published January 12, 2016
OpenVPN versions before 2.3.9 contain an out of bounds read error in resolve_remote() in the file socket.c. With both IPv4 and IPv6 connections, OpenVPN will read a struct sockaddr_in6, but in the IPv4 case the data structure is smaller than in the IPv6 case. The openvpn package has been updated to version 2.3.9, fixing this issue and several other bugs. See the upstream Changelog for details.

Affected Products

VendorProductVersionsPlatforms
Mageianodejs0 (affected), 0.10.41-1.mga5 (unaffected)
Mageiaopenvpn0 (affected), 2.3.9-1.mga5 (unaffected), 0 (affected), 2.3.9-1.mga5 (unaffected)

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›