Information on source package openvpn

Available versions

ReleaseVersion
wheezy2.2.1-8+deb7u3
wheezy (security)2.2.1-8+deb7u5
jessie (security)2.3.4-5+deb8u2
stretch2.4.0-6+deb9u2
stretch (security)2.4.0-6+deb9u1
buster2.4.4-1
sid2.4.4-1

Open issues

BugwheezyjessiestretchbustersidDescription
CVE-2017-12166vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)fixedfixedOpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to ...

Open unimportant issues

BugwheezyjessiestretchbustersidDescription
CVE-2017-7522fixedfixedvulnerablefixedfixedOpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to ...
CVE-2016-6329vulnerablevulnerablevulnerablevulnerablevulnerableOpenVPN, when using a 64-bit block cipher, makes it easier for remote ...
CVE-2006-2229vulnerablevulnerablevulnerablevulnerablevulnerableOpenVPN 2.0.7 and earlier, when configured to use the --management ...

Resolved issues

BugDescription
CVE-2017-7521OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to ...
CVE-2017-7520OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to ...
CVE-2017-7508OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to ...
CVE-2017-7479OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to ...
CVE-2017-7478OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated ...
CVE-2014-8104OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before ...
CVE-2013-2061The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, ...
CVE-2008-3459Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when ...
CVE-2006-1629OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute ...
CVE-2005-3409OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote ...
CVE-2005-3393Format string vulnerability in the foreign_option function in ...
CVE-2005-2534Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not ...
CVE-2005-2533OpenVPN before 2.0.1, when running in "dev tap" Ethernet bridging ...
CVE-2005-2532OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue ...
CVE-2005-2531OpenVPN before 2.0.1, when running with "verb 0" and without TLS ...

Security announcements

DSA / DLADescription
DSA-3900-1openvpn - security update
DSA-3900-1openvpn - security update
DLA-999-1openvpn - security update
DLA-944-1openvpn - security update
DLA-98-1openvpn - security update
DSA-3084-1openvpn - security update
DSA-1045-1openvpn - design error
DSA-885-1openvpn - several
DSA-851-1openvpn - denial of service

Search for package or bug name: Reporting problems