Information on source package openvpn

Available versions

ReleaseVersion
stretch2.4.0-6+deb9u3
stretch (security)2.4.0-6+deb9u1
buster2.4.7-1
bullseye2.4.9-2
sid2.4.9-2

Open issues

BugstretchbusterbullseyesidDescription
CVE-2020-11810vulnerable (no DSA)vulnerable (no DSA)fixedfixedAn issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can ...
CVE-2017-12166vulnerable (no DSA)fixedfixedfixedOpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to ...

Open unimportant issues

BugstretchbusterbullseyesidDescription
CVE-2018-7544vulnerablevulnerablevulnerablevulnerable** DISPUTED ** A cross-protocol scripting issue was discovered in the ...
CVE-2017-7522vulnerablefixedfixedfixedOpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to deni ...
CVE-2016-6329vulnerablevulnerablevulnerablevulnerableOpenVPN, when using a 64-bit block cipher, makes it easier for remote ...
CVE-2006-2229vulnerablevulnerablevulnerablevulnerableOpenVPN 2.0.7 and earlier, when configured to use the --management opt ...

Resolved issues

BugDescription
CVE-2018-9336openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x ...
CVE-2017-7521OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remo ...
CVE-2017-7520OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to deni ...
CVE-2017-7508OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remo ...
CVE-2017-7479OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reac ...
CVE-2017-7478OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Deni ...
CVE-2014-8104OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before ...
CVE-2013-2061The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, ...
CVE-2008-3459Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when ...
CVE-2006-1629OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute a ...
CVE-2005-3409OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote atta ...
CVE-2005-3393Format string vulnerability in the foreign_option function in options. ...
CVE-2005-2534Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not ena ...
CVE-2005-2533OpenVPN before 2.0.1, when running in "dev tap" Ethernet bridging mode ...
CVE-2005-2532OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue w ...
CVE-2005-2531OpenVPN before 2.0.1, when running with "verb 0" and without TLS authe ...

Security announcements

DSA / DLADescription
DSA-3900-1openvpn - security update
DLA-999-1openvpn - security update
DLA-944-1openvpn - security update
DLA-98-1openvpn - security update
DSA-3084-1openvpn - security update
DSA-1045-1openvpn - design error
DSA-885-1openvpn - several
DSA-851-1openvpn - denial of service

Search for package or bug name: Reporting problems