ELBA-2021-14123
- ULN >
- Oracle Linux Errata repository >
- ELBA-2021-14123
ELBA-2021-14123 - openvpn Bug Fix update
| Type: | BUG |
| Impact: | NA |
| Release Date: | 2021-05-07 |
Description
[2.4.11-1]
- Update to upstream OpenVPN 2.4.11
- Fixes CVE-2020-15078
[2.4.10-1]
- Update to upstream OpenVPN 2.4.10
[2.4.9-1]
- Update to upstream OpenVPN 2.4.9
[2.4.8-1]
- Updating to upstream OpenVPN 2.4.8
[2.4.7-1]
- Updating to upstream OpenVPN 2.4.7
[2.4.6-4]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
[2.4.6-3]
- Enable the asynchronous push feature, which can improve connect speeds with slow authentication backends
[2.4.6-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
[2.4.6-1]
- Updating to upstream, openvpn-2.4.6
[2.4.5-1]
- Updating to upstream, openvpn-2.4.5
- Package upstream ChangeLog, which contains a bit more details than Changes.rst
- Cleaned up spec file further, removed Group: tag, trimmed changelog section,
added gcc to BuildRequires.
- Excluded not relevant file, README.mbedtls
- Package upstream version of README.systemd
- Fix wrong group owner of /etc/openvpn/{client,server} (rhbz#1526743)
- Changed crypto self-test to test AES-{128,256}-{CBC,GCM} instead of only BF-CBC (deprecated)
- Change /run/openvpn-{client,server} permissions to be 0750 instead of 0710, with group set to openvpn
[2.4.4-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
[2.4.4-2]
- Fix systemd executions/requirements
[2.4.4-1]
- Update to upstream openvpn-2.4.4
- Includes fix for possible stack overflow if --key-method 1 is used {CVE-2017-12166}
[2.4.3-4]
- Change to AES-GCM as the default cipher for server configurations (rhbz#1479270)
[2.4.3-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
[2.4.3-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
[2.4.3-1]
- Updating to upstream openvpn-2.4.3
- Fix remotely-triggerable ASSERT() on malformed IPv6 packet {CVE-2017-7508}
- Prevent two kinds of stack buffer OOB reads and a crash for invalid input data {CVE-2017-7520}
- Fix potential double-free in --x509-alt-username {CVE-2017-7521}
- Fix remote-triggerable memory leaks {CVE-2017-7521}
- Ensure OpenVPN systemd services are restarted upon upgrades
- Verify PGP signature of source tarball as part of package building
- Build against system lz4 library
[2.4.2-2]
- Install and take ownership of /run/openvpn-{client,server} (rhbz#1444601)
- Install and take ownership of /var/lib/openvpn (rhbz#922786)
[2.4.2-1]
- Updating to upstream openvpn-2.4.2
- Switching back to OpenSSL, using compat-openssl10 (rhbz#1443749, rhbz#1432125, rhbz#1440468)
- Re-enabling --enable-x509-alt-username (rhbz#1443942)
- Add --enable-selinux
- Build with lz4 library from Fedora
[2.4.1-3]
- Splitting out -devel files into a separate package
- Removed several contrib and sample files which makes is not
strictly needed in this package.
- build: Enable tests runs by default, long running tests can
be disabled with '--without tests_long'
- build: Removed defined %{plugins} macro not in use
[2.4.1-2]
- Various cleanups
- Use systemd-rpm macros (rhbz #850257)
- Removed the deprecated openvpn@.service unit. Replaced by openvpn-{client,server}@.service
- Added README.systemd describing new systemd unit files
[2.4.1-1]
- Updating to upstream release, v2.4.1
- Added mbed TLS patch to allow RSA keys down to 1024 bits plus SHA1
and RIPE-160 hasing algorithms (based on OpenVPN 3 legacy profile)
- Removed no-functional ./configure options
- Use upstream tmfiles.d/openvpn
- Package newer openvpn-client/server@.service unit files
[2.4.0-2]
- Move to mbedtls to resolve FTBFS.
- Dropped, re-add once openvpn supports openssl 1.1.x
- --enable-pkcs11 - --enable-x509-alt-username
[2.4.0-1]
- 2.4.0.
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| Oracle Linux 8 (aarch64) | openvpn-2.4.11-1.el8.src.rpm | 584dcfaa11a2c51d1b5ee0839fceaf551f88b491ebe8786cbd175d88733022cb | - | ol8_aarch64_developer_EPEL |
| openvpn-2.4.11-1.el8.aarch64.rpm | 5a87c661f60ef69855ab72a2ff00a3b0fe702bfa362ba1bcf0b6b0347f602724 | - | ol8_aarch64_developer_EPEL | |
| openvpn-devel-2.4.11-1.el8.aarch64.rpm | 47cbd162f77880207ba626e51733477d7b5f68d3db4d8ae7eb9e976a7fc36237 | - | ol8_aarch64_developer_EPEL | |
| Oracle Linux 8 (x86_64) | openvpn-2.4.11-1.el8.src.rpm | 584dcfaa11a2c51d1b5ee0839fceaf551f88b491ebe8786cbd175d88733022cb | - | ol8_x86_64_developer_EPEL |
| openvpn-2.4.11-1.el8.x86_64.rpm | f41c769a774754002cad436a8c12c75de17d1868a1bf0bb350dc80ce65115458 | - | ol8_x86_64_developer_EPEL | |
| openvpn-devel-2.4.11-1.el8.x86_64.rpm | 2600af298d3c81e40aabc15eb22bde5063a0607932302760cc1fa7b17c33b780 | - | ol8_x86_64_developer_EPEL | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
