openvpn: CVE-2023-46849 CVE-2023-46850

Debian Bug report logs - #1055805
openvpn: CVE-2023-46849 CVE-2023-46850

Reply or subscribe to this bug.

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: openvpn: CVE-2023-46849 CVE-2023-46850

Date: Sat, 11 Nov 2023 21:26:18 +0100

Source: openvpn
Version: 2.6.3-2.1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerabilities were published for openvpn.

CVE-2023-46849[0]:
| Using the --fragment option in certain configuration setups OpenVPN
| version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by
| zero behaviour which could cause an application crash, leading to a
| denial of service.


CVE-2023-46850[1]:
| Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to
| undefined behavoir, leaking memory buffers or remote execution when
| sending network buffers to a remote peer.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-46849
    https://www.cve.org/CVERecord?id=CVE-2023-46849
[1] https://security-tracker.debian.org/tracker/CVE-2023-46850
    https://www.cve.org/CVERecord?id=CVE-2023-46850
[2] https://community.openvpn.net/openvpn/wiki/CVE-2023-46849
[3] https://community.openvpn.net/openvpn/wiki/CVE-2023-46850

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Message #10 received at 1055805-close@bugs.debian.org (full text, mbox, reply):

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>

To: 1055805-close@bugs.debian.org

Subject: Bug#1055805: fixed in openvpn 2.6.7-1

Date: Sat, 11 Nov 2023 21:34:53 +0000

Source: openvpn
Source-Version: 2.6.7-1
Done: Bernhard Schmidt <berni@debian.org>

We believe that the bug you reported is fixed in the latest version of
openvpn, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1055805@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bernhard Schmidt <berni@debian.org> (supplier of updated openvpn package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 11 Nov 2023 22:01:15 +0100
Source: openvpn
Architecture: source
Version: 2.6.7-1
Distribution: unstable
Urgency: medium
Maintainer: Bernhard Schmidt <berni@debian.org>
Changed-By: Bernhard Schmidt <berni@debian.org>
Closes: 1033179 1055805
Changes:
 openvpn (2.6.7-1) unstable; urgency=medium
 .
   [ Aquila Macedo ]
   * d/control: bump debhelper-compat level to 13.
   * d/patches: Remove outdated patches
   * d/patches: fix typo in openvpn binary
   * d/patches: fix typo in manpages
   * d/copyright: Update license to BSD-2
   * d/openvpn.service: add documentation
 .
   [ Bernhard Schmidt ]
   * New upstream version 2.6.7, fixing two CVEs (Closes: #1055805)
     - CVE-2023-46849: Use of --fragment option can lead to a division by zero
       error which can be fatal
     - CVE-2023-46850: Incorrect use of send buffer can cause memory to be sent
       to peer
   * Pick patch recommended by upstream in GH#449 to fix segfault
     introduced in 2.6.7
 .
   [ Remus-Gabriel Chelu ]
   * Add Romanian templates translation (Closes: #1033179)
Checksums-Sha1:
 4604b76e4cb15c07d6f91bf3b369b9ee2089615c 2204 openvpn_2.6.7-1.dsc
 30cb30daa8c5aaffdfe165e289fa5677fc8f703a 1895682 openvpn_2.6.7.orig.tar.gz
 c8688e3bd3f5277908a56875368c538ee07d5eda 61204 openvpn_2.6.7-1.debian.tar.xz
 98deb470bda0c4ec7555ee44c9d3e9f580132e51 7928 openvpn_2.6.7-1_amd64.buildinfo
Checksums-Sha256:
 5762d51b8ae61616495828386dc3ec6e8a6671768e897142e58bc1f5a9143dab 2204 openvpn_2.6.7-1.dsc
 ee9877340b1d8de47eb5b52712c3366855fa6a4a1955bf950c68577bd2039913 1895682 openvpn_2.6.7.orig.tar.gz
 16b77a6432c190303a5a89421a106da7b2fcf29f28533c3a766f491dae39e948 61204 openvpn_2.6.7-1.debian.tar.xz
 1438225a73d4f4b04a4d4227f44b309a116d7ecc68bee00a299e712517c410fc 7928 openvpn_2.6.7-1_amd64.buildinfo
Files:
 93f2d46c3bec9b1c283219c1f46ed13f 2204 net optional openvpn_2.6.7-1.dsc
 a1909ee8f236e04e32f6975c16385adb 1895682 net optional openvpn_2.6.7.orig.tar.gz
 9b518754b43adb9a90603f9b3bb802a5 61204 net optional openvpn_2.6.7-1.debian.tar.xz
 cb3a6b5a48fd1201c1af879cb672f0b6 7928 net optional openvpn_2.6.7-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEE1uAexRal3873GVbTd1B55bhQvJMFAmVP7aIRHGJlcm5pQGRl
Ymlhbi5vcmcACgkQd1B55bhQvJOzIA//VrtKdjSiZWMUW+auoPEWXn/2dow9JhV7
0stP7U0kFqL/iLi5D4RoKqhmBDKMXo/cMtLTZ6Rb2BpFM5MRdfBNMQGzJxfZURw7
f4T9r5714P6ZU1SdBPCKln32WI9zOtJEWCQyjNHjJhWvLxJ65QPOZyK6SMWV/koi
rMJDQgDvgR+397Gr+yIP+9XCJJHWHVGJr5mxVwNgF15dKU3CLd8Hdqwah9agwrit
VRObGL/rdr4dCC55uFovHR/gsP802jewOuAaHYa+rdhcJNmQp4O/5nhDbGKK3oON
5lfmt79HYGua6eowruQyyEbRg3io/bEAcKRGKPi9v1kLmp7a5DmjE+4DWb3Q4LJW
6WWJO93NfJDzaaswXGD/VpI9Ne677+5E+jniRZGl3gWw2tdwMF9hkcuIeBP9At9S
UqodcuqOxX+FifsEeBG4dhSVrpZ+hynJAvhjV7zGGDpJGFW49bbEpI8rj59Y8yyL
69eFBxCGTUJvrCVZP/Y/9GuM4iVkfVJiLXZ/ORewAm6H7jz1ljZY7sPcObrH4/R2
Cp5D1KNJ1wK5Eix6yaHwfYmWrFh+5TsMSj1KTRg6sV4miW9h0V84P1GDS6yjfyCK
/DIrSlOGzlLtjp5n4Fv4kfbxq0jULKs857ZjSQcfUFFYMrlGsCTmgnd88yXjcLWG
kkr9hK8Mwjg=
=+fLA
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.