漏洞类别:Ubuntu
漏洞等级: 
漏洞信息
It was discovered that 64-bit block ciphers are vulnerable to a birthday attack.
It was discovered that OpenVPN incorrectly handled rollover of packet ids.
It was discovered that OpenVPN incorrectly handled certain malformed IPv6 packets.
It was discovered that OpenVPN incorrectly handled memory.
It was discovered that OpenVPN incorrectly handled an HTTP proxy with NTLM authentication.
It was discovered that OpenVPN incorrectly handled certain x509 extensions.
漏洞危害
A remote attacker could possibly use this issue to recover cleartext data. Fixing this issue requires a configuration change to switch to a different cipher. This update adds a warning to the log file when a 64-bit block cipher is in use. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-6329)
An authenticated remote attacker could use this issue to cause OpenVPN to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2017-7479)
A remote attacker could use this issue to cause OpenVPN to crash, resulting in a denial of service. (CVE-2017-7508)
A remote attacker could use this issue to cause OpenVPN to crash, resulting in a denial of service. (CVE-2017-7512)
A remote attacker could use this issue to cause OpenVPN clients to crash, resulting in a denial of service, or possibly expose sensitive memory contents. (CVE-2017-7520)
A remote attacker could use this issue to cause OpenVPN to crash, resulting in a denial of service. (CVE-2017-7521)
解决方案
Refer to Ubuntu advisory USN-3339-1 for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-3339-1: 16.04 (Xenial) on src (openvpn)
USN-3339-1: 17.04 (zesty) on src (openvpn)
0daybank
文章评论