Overview Details

File _patchinfo of Package patchinfo

<patchinfo>
  <issue id="843509" tracker="bnc"> openvpn: use of non-constant-time memcmp in HMAC comparison in openvpn_decrypt</issue>
  <issue id="CVE-2013-2061" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>jluce2</packager>
  <description>The following security issues were fixed:
- Applied upstream patch changing to use a constant time memcmp
  when comparing HMACs in openvpn_decrypt to address ciphertext
  injection in UDP mode (CVE-2013-2061, bnc#843509).
  [0006-openvpn-2.0.9-HMAC-memcmp-CVE-2013-2061_bnc843509.patch]

Changes in openvpn:
- Applied upstream patch changing to use a constant time memcmp
  when comparing HMACs in openvpn_decrypt to address ciphertext
  injection in UDP mode (CVE-2013-2061, bnc#843509).
  [0006-openvpn-2.0.9-HMAC-memcmp-CVE-2013-2061_bnc843509.patch]
</description>
  <summary>update for openvpn</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places