Date: Fri, 17 Jan 2025 01:41:06 GMT From: Matthias Andree <mandree@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: a07b2a9949f3 - main - security/vuxml: mention security/openvpn username/password length bugfix of v2.6.13 Message-ID: <202501170141.50H1f6xQ045427@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by mandree: URL: https://cgit.FreeBSD.org/ports/commit/?id=a07b2a9949f31cae273911b6bfece31afd162454 commit a07b2a9949f31cae273911b6bfece31afd162454 Author: Matthias Andree <mandree@FreeBSD.org> AuthorDate: 2025-01-17 01:38:45 +0000 Commit: Matthias Andree <mandree@FreeBSD.org> CommitDate: 2025-01-17 01:40:05 +0000 security/vuxml: mention security/openvpn username/password length bugfix of v2.6.13 I am not aware of a CVE number yet. Security: 47bc292a-d472-11ef-aaab-7d43732cb6f5 --- security/vuxml/vuln/2025.xml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml index 6a27a246869e..ad0fba1ec554 100644 --- a/security/vuxml/vuln/2025.xml +++ b/security/vuxml/vuln/2025.xml @@ -1,3 +1,32 @@ + <vuln vid="47bc292a-d472-11ef-aaab-7d43732cb6f5"> + <topic>openvpn -- too long a username or password from a client can confuse openvpn servers</topic> + <affects> + <package> + <name>openvpn</name> + <range><lt>2.6.13</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Frank Lichtenheld reports:</p> + <blockquote cite="https://github.com/OpenVPN/openvpn/releases/tag/v2.6.13">; + <p>[OpenVPN v2.6.13 ...] improve server-side handling of clients sending + usernames or passwords longer than USER_PASS_LEN - this would not + result in a crash, buffer overflow or other security issues, but the + server would then misparse incoming IV variables and produce misleading + error messages.</p> + </blockquote> + </body> + </description> + <references> + <url>https://github.com/OpenVPN/openvpn/releases/tag/v2.6.13</url>; + </references> + <dates> + <discovery>2024-10-28</discovery> + <entry>2025-01-17</entry> + </dates> + </vuln> + <vuln vid="163edccf-d2ba-11ef-b10e-589cfc10a551"> <topic>rsync -- Multiple security fixes</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202501170141.50H1f6xQ045427>