Hi Jeff - Thanks for the bug report! We've released an update for these issues in Ubuntu 17.04, which is the only stable Ubuntu release that CVE-2017-7478 affected. CVE-2017-7479 also affects all stable Ubuntu releases before 17.04 but we rated it as a 'low' and, therefore, we won't release security updates unless a higher severity issue is found in openvpn. This is to reduce the chance of regression in an update that only addresses a low impact security issue.
We published an Ubuntu Security Notice for the Ubuntu 17.04 update: https://www.ubuntu.com/usn/usn-3284-1/ We also tweeted about it: https://twitter.com/ubuntu_sec/status/864243702042177536 I hope you'll find one of those information feeds helpful. ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2017-7478 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2017-7479 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1691531 Title: Security vulnerabilities in openvpn in 16.04LTS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1691531/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs