Bug 88379 - [MAINTAINER] security/openvpn: SECURITY update to 2.0.4
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: freebsd-ports-bugs (Nobody)
Depends on:
Reported: 2005-11-01 22:10 UTC by Matthias Andree
Modified: 2005-11-02 01:53 UTC

openvpn-2.0.4.patch (2.62 KB, patch)
2005-11-01 22:10 UTC, Matthias Andree

Description Matthias Andree 2005-11-01 22:10:19 UTC
This upstream update fixes two security bugs:

CVE-2005-3393 - arbitrary code execution on client w/ "pull" or "client" option
		when server compromised or malicious

CVE-2005-3409 - Denial of Service against server in TCP mode (null dereference)

Other changes (summarized from ChangeLog): assertion at multi.c:1586 (or other
lines) fixed, double fork with --management-hold fixed, TUN/TAP read/write log
messages moved from --verb 8 to --verb 6, warn when multiple clients with same
common name usurp each other when --duplicate-cn is not used, picks default
gateway with smallest metric, fixed a bug where --mode server --proto
tcp-server --cipher none caused packet truncation.

Generated with FreeBSD Port Tools 0.63
Comment 1 Marcus Alves Grando freebsd_committer 2005-11-02 01:53:23 UTC
State Changed
From-To: open->closed

Committed. Thanks!