Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-6484-1

Ubuntu Security Notice 6484-1 - It was discovered that OpenVPN incorrectly handled the --fragment option in certain configurations. A remote attacker could possibly use this issue to cause OpenVPN to crash, resulting in a denial of service. It was discovered that OpenVPN incorrectly handled certain memory operations. A remote attacker could use this issue to cause OpenVPN to crash, obtain sensitive information, or possibly execute arbitrary code.

Packet Storm
#vulnerability#ubuntu#dos
==========================================================================Ubuntu Security Notice USN-6484-1November 16, 2023openvpn vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.10- Ubuntu 23.04Summary:Several security issues were fixed in OpenVPN.Software Description:- openvpn: virtual private network softwareDetails:It was discovered that OpenVPN incorrectly handled the --fragment optionin certain configurations. A remote attacker could possibly use this issueto cause OpenVPN to crash, resulting in a denial of service.(CVE-2023-46849)It was discovered that OpenVPN incorrectly handled certain memoryoperations. A remote attacker could use this issue to cause OpenVPN tocrash, obtain sensitive information, or possibly execute arbitrary code.(CVE-2023-46850)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.10:   openvpn                         2.6.5-0ubuntu1.1Ubuntu 23.04:   openvpn                         2.6.1-1ubuntu1.1In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6484-1   CVE-2023-46849, CVE-2023-46850Package Information:   https://launchpad.net/ubuntu/+source/openvpn/2.6.5-0ubuntu1.1   https://launchpad.net/ubuntu/+source/openvpn/2.6.1-1ubuntu1.1

Related news

Gentoo Linux Security Advisory 202409-08

Gentoo Linux Security Advisory 202409-8 - Multiple vulnerabilities have been discovered in OpenVPN, the worst of which could lead to information disclosure. Versions greater than or equal to 2.6.7 are affected.

Debian Security Advisory 5555-1

Debian Linux Security Advisory 5555-1 - Two vulnerabilities were discovered in openvpn, a virtual private network application which could result in memory disclosure or denial of service.

CVE-2023-46849

Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.

CVE-2023-46850

Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.

Packet Storm: Latest News

CUPS IPP Attributes LAN Remote Code Execution