-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Even though this fix has been backported and applied to release/2.3 and
older, we will only plan releases for v2.3 and v2.4.  We have mainly
backported this issue to release/2.3, but it was very easy to cherry-pick
this fix to the older branches; thus it was done so.

This patch is also sent out to the list a bit earlier than we normally
do, as the security impact of this issue is considered to be minimal.
This requires configurations to use --key-method 1 and will only work
in some of the many possible configuration possibilities.  When also
considering that --key-method 2 has been the default since April 2005,
then it is hopefully clear that this is not a very critical issue.

This patch has been applied to the following branches

commit 3b1a61e9fb27213c46f76312f4065816bee8ed01  (master)
commit c7e259160b28e94e4ea7f0ef767f8134283af255  (release/2.4)
commit fce34375295151f548a26c2d0eb30141e427c81a  (release/2.3)
commit a9f5c744d6b09f2495ca48d2c926efd3a4b981e6  (release/2.2)
commit c560f95e7038daa3a1b5a08b69b85fb68d4eeef3  (release/2.1)
Author: Steffan Karger
Date:   Tue Aug 15 10:04:33 2017 +0200

     Fix bounds check in read_key()

     CVE: 2017-12166
     Signed-off-by: Steffan Karger <steffan.kar...@fox-it.com>
     Acked-by: Gert Doering <g...@greenie.muc.de>
     Acked-by: David Sommerseth <dav...@openvpn.net>
     Message-Id: <80690690-67ac-3320-1891-9fecedc6a...@fox-it.com>
     URL: https://www.mail-archive.com/search?l=mid&q=80690690-67ac-3320-1891-9fecedc6a...@fox-it.com
     Signed-off-by: David Sommerseth <dav...@openvpn.net>


- --
kind regards,

David Sommerseth

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
-----END PGP SIGNATURE-----

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
