Bug 907764 (CVE-2014-8104) - VUL-0: CVE-2014-8104: openvpn: Critical denial of service vulnerability in OpenVPN servers
Summary: VUL-0: CVE-2014-8104: openvpn: Critical denial of service vulnerability in O...
Status: RESOLVED FIXED
Alias: CVE-2014-8104
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P1 - Urgent : Major
Target Milestone: ---
Deadline: 2014-12-09
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard: maint:released:sle11-sp1:59923 maint:...
Keywords:
Depends on:
Blocks:
 
Reported: 2014-12-01 10:55 UTC by Marcus Meissner
Modified: 2016-03-10 08:41 UTC (History)
5 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2014-12-01 10:55:33 UTC 
https://forums.openvpn.net/topic17625.html

A critical denial of service security vulnerability affecting OpenVPN servers was recently brought to our attention. A fixed version of OpenVPN (2.3.6) will be released today/tomorrow (1st Dec 2014) at around 18:00 UTC.

Brace yourselves for the update.

Best regards,

-- 
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc
Comment 1 Marcus Meissner 2014-12-01 10:56:05 UTC 
currently there do not seem to be more details.
Comment 2 Johannes Segitz 2014-12-01 12:24:42 UTC 
(In reply to Marcus Meissner from comment #1)
I sent a mail asking for details in advance
Comment 8 Marius Tomaschewski 2014-12-01 19:47:58 UTC 
2.3.6 is out:
  http://openvpn.net/index.php/download/community-downloads.html

Submitted opensuse update packages to obs.
Comment 9 Bernhard Wiedemann 2014-12-01 20:00:16 UTC 
This is an autogenerated message for OBS integration:
This bug (907764) was mentioned in
https://build.opensuse.org/request/show/263668 13.2 / openvpn
https://build.opensuse.org/request/show/263669 13.1 / openvpn
https://build.opensuse.org/request/show/263670 Evergreen:11.4 / openvpn
https://build.opensuse.org/request/show/263672 Factory / openvpn
Comment 10 Bernhard Wiedemann 2014-12-01 21:00:19 UTC 
This is an autogenerated message for OBS integration:
This bug (907764) was mentioned in
https://build.opensuse.org/request/show/263675 12.3 / openvpn
Comment 11 Marcus Meissner 2014-12-02 07:41:50 UTC 
CVE-2014-8104
Comment 12 Swamp Workflow Management 2014-12-02 08:20:51 UTC 
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2014-12-09.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/59858
Comment 13 Marcus Meissner 2014-12-08 15:52:19 UTC 
sle12 still in qa, rest released
Comment 14 Swamp Workflow Management 2014-12-08 16:07:02 UTC 
openSUSE-SU-2014:1594-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 907764
CVE References: CVE-2014-8104
Sources used:
openSUSE 13.2 (src):    openvpn-2.3.4-2.4.1
openSUSE 13.1 (src):    openvpn-2.3.2-3.4.1
openSUSE 12.3 (src):    openvpn-2.2.2-9.9.1
Comment 15 Swamp Workflow Management 2014-12-09 00:05:06 UTC 
SUSE-SU-2014:1605-1: An update that solves one vulnerability and has one errata is now available.

Category: security (important)
Bug References: 895882,907764
CVE References: CVE-2014-8104
Sources used:
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    openvpn-2.0.9-143.44.1
SUSE Linux Enterprise Server 11 SP3 (src):    openvpn-2.0.9-143.44.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    openvpn-2.0.9-143.44.1
Comment 16 Swamp Workflow Management 2014-12-23 19:04:57 UTC 
SUSE-SU-2014:1694-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 907764
CVE References: CVE-2014-8104
Sources used:
SUSE Linux Enterprise Server 12 (src):    openvpn-2.3.2-11.1
SUSE Linux Enterprise Desktop 12 (src):    openvpn-2.3.2-11.1