From: Haixiao Yan <[email protected]>

ChangeLog:
https://github.com/OpenVPN/openvpn/blob/v2.6.12/Changes.rst

Security fixes:

CVE-2024-4877: Windows: harden interactive service pipe.
Security scope: a malicious process with "some" elevated privileges
(SeImpersonatePrivilege) could open the pipe a second time,
tricking openvpn GUI into providing user credentials (tokens),
getting full access to the account openvpn-gui.exe runs as.

CVE-2024-5594: control channel: refuse control channel messages with
nonprintable characters in them.
Security scope: a malicious openvpn peer can send garbage to openvpn log,
or cause high CPU load.

CVE-2024-28882: only call schedule_exit() once (on a given peer).
Security scope: an authenticated client can make the server "keep the
session" even when the server has been told to disconnect this client.

Signed-off-by: Haixiao Yan <[email protected]>
---
 .../openvpn/{openvpn_2.6.10.bb => openvpn_2.6.12.bb}            | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-networking/recipes-support/openvpn/{openvpn_2.6.10.bb => 
openvpn_2.6.12.bb} (97%)

diff --git a/meta-networking/recipes-support/openvpn/openvpn_2.6.10.bb 
b/meta-networking/recipes-support/openvpn/openvpn_2.6.12.bb
similarity index 97%
rename from meta-networking/recipes-support/openvpn/openvpn_2.6.10.bb
rename to meta-networking/recipes-support/openvpn/openvpn_2.6.12.bb
index f8de78ff74fd..af237280ea0d 100644
--- a/meta-networking/recipes-support/openvpn/openvpn_2.6.10.bb
+++ b/meta-networking/recipes-support/openvpn/openvpn_2.6.12.bb
@@ -14,7 +14,7 @@ SRC_URI = 
"http://swupdate.openvpn.org/community/releases/${BP}.tar.gz \
 
 UPSTREAM_CHECK_URI = "https://openvpn.net/community-downloads";
 
-SRC_URI[sha256sum] = 
"1993bbb7b9edb430626eaa24573f881fd3df642f427fcb824b1aed1fca1bcc9b"
+SRC_URI[sha256sum] = 
"1c610fddeb686e34f1367c347e027e418e07523a10f4d8ce4a2c2af2f61a1929"
 
 CVE_STATUS[CVE-2020-27569] = "not-applicable-config: Applies only Aviatrix 
OpenVPN client, not openvpn"
 
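Review bot: The SRC_URI context line at the top of this hunk still fetches the release tarball over plain http://, so the new SRC_URI[sha256sum] value is the only thing protecting the download's integrity. Consider switching the URL to https:// in the same bump, and saying in the commit message how the new checksum was verified (for example against the upstream release signature). The bump also goes from 2.6.10 straight to 2.6.12, so it would help to note which of the listed CVE fixes are relevant to this Linux recipe, since CVE-2024-4877 is described as Windows-only.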
-- 
2.34.1
