This addresses a security fix for openvpn CVE-2014-8104 Signed-off-by: Armin Kuster <[email protected]> --- .../openvpn/openvpn/CVE-2014-8104.patch | 54 ++++++++++++++++++++++ .../recipes-support/openvpn/openvpn_2.3.4.bb | 4 +- 2 files changed, 57 insertions(+), 1 deletion(-) create mode 100644 meta-networking/recipes-support/openvpn/openvpn/CVE-2014-8104.patch
diff --git a/meta-networking/recipes-support/openvpn/openvpn/CVE-2014-8104.patch b/meta-networking/recipes-support/openvpn/openvpn/CVE-2014-8104.patch new file mode 100644 index 0000000..a032b87 --- /dev/null +++ b/meta-networking/recipes-support/openvpn/openvpn/CVE-2014-8104.patch @@ -0,0 +1,54 @@ +openvpn: CVE-2014-8014 + +From 97597e732bda083e9aefc7a9f1b05056bf6ffd55 Mon Sep 17 00:00:00 2001 +From: Steffan Karger <[email protected]> +Date: Thu, 20 Nov 2014 13:43:05 +0100 +Subject: [PATCH] Drop too-short control channel packets instead of asserting + out. + +This fixes a denial-of-service vulnerability where an authenticated client +could stop the server by triggering a server-side ASSERT(). + +OpenVPN would previously ASSERT() that control channel packets have a +payload of at least 4 bytes. An authenticated client could trigger this +assert by sending a too-short control channel packet to the server. + +Thanks to Dragana Damjanovic for reporting the issue. + +This bug has been assigned CVE-2014-8104. + +Signed-off-by: Steffan Karger <[email protected]> +Acked-by: Gert Doering <[email protected]> +Message-Id: <[email protected]> +Signed-off-by: Gert Doering <[email protected]> +(cherry picked from commit c5590a6821e37f3b29735f55eb0c2b9c0924138c) + +Upstream-Status: Backport + +Armin Kuster <[email protected]> + + +--- + src/openvpn/ssl.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c +index 2373582..daffbf3 100644 +--- a/src/openvpn/ssl.c ++++ b/src/openvpn/ssl.c +@@ -2035,7 +2035,11 @@ key_method_2_read (struct buffer *buf, struct tls_multi *multi, struct tls_sessi + ASSERT (session->opt->key_method == 2); + + /* discard leading uint32 */ +- ASSERT (buf_advance (buf, 4)); ++ if (!buf_advance (buf, 4)) { ++ msg (D_TLS_ERRORS, "TLS ERROR: Plaintext buffer too short (%d bytes).", ++ buf->len); ++ goto error; ++ } + + /* get key method */ + key_method_flags = buf_read_u8 (buf); +-- +1.9.1 + diff --git a/meta-networking/recipes-support/openvpn/openvpn_2.3.4.bb b/meta-networking/recipes-support/openvpn/openvpn_2.3.4.bb index 1fb722a..d91fb45 100644 --- a/meta-networking/recipes-support/openvpn/openvpn_2.3.4.bb +++ b/meta-networking/recipes-support/openvpn/openvpn_2.3.4.bb @@ -8,7 +8,9 @@ DEPENDS = "lzo openssl iproute2 ${@base_contains('DISTRO_FEATURES', 'pam', 'libp inherit autotools SRC_URI = "http://swupdate.openvpn.org/community/releases/openvpn-${PV}.tar.gz \ - file://openvpn" + file://openvpn \ + file://CVE-2014-8104.patch \ + " SRC_URI[md5sum] = "04d47237907faabe9d046970ffe44b2e" SRC_URI[sha256sum] = "af506d5f48568fa8d2f2435cb3fad35f9a9a8f263999ea6df3ba296960cec85a" -- 1.9.1 -- _______________________________________________ Openembedded-devel mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-devel
