diff options
author | Matthias Andree <mandree@FreeBSD.org> | 2025-01-17 01:38:45 +0000 |
---|---|---|
committer | Matthias Andree <mandree@FreeBSD.org> | 2025-01-17 01:40:05 +0000 |
commit | a07b2a9949f31cae273911b6bfece31afd162454 (patch) | |
tree | fec6ff766d225a382033ff27a68535e613c22fa4 | |
parent | 5d9eb9407b356d89a007061589e064cfbebf6b4e (diff) |
security/vuxml: mention security/openvpn username/password length bugfix of v2.6.13
I am not aware of a CVE number yet.
Security: 47bc292a-d472-11ef-aaab-7d43732cb6f5
-rw-r--r-- | security/vuxml/vuln/2025.xml | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml index 6a27a246869e..ad0fba1ec554 100644 --- a/security/vuxml/vuln/2025.xml +++ b/security/vuxml/vuln/2025.xml @@ -1,3 +1,32 @@ + <vuln vid="47bc292a-d472-11ef-aaab-7d43732cb6f5"> + <topic>openvpn -- too long a username or password from a client can confuse openvpn servers</topic> + <affects> + <package> + <name>openvpn</name> + <range><lt>2.6.13</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Frank Lichtenheld reports:</p> + <blockquote cite="https://github.com/OpenVPN/openvpn/releases/tag/v2.6.13"> + <p>[OpenVPN v2.6.13 ...] improve server-side handling of clients sending + usernames or passwords longer than USER_PASS_LEN - this would not + result in a crash, buffer overflow or other security issues, but the + server would then misparse incoming IV variables and produce misleading + error messages.</p> + </blockquote> + </body> + </description> + <references> + <url>https://github.com/OpenVPN/openvpn/releases/tag/v2.6.13</url> + </references> + <dates> + <discovery>2024-10-28</discovery> + <entry>2025-01-17</entry> + </dates> + </vuln> + <vuln vid="163edccf-d2ba-11ef-b10e-589cfc10a551"> <topic>rsync -- Multiple security fixes</topic> <affects> |