Fedora Linux 8492 Published by

An openvpn security update has been released for Fedora 38.

[SECURITY] Fedora 38 Update: openvpn-2.6.8-1.fc38

Fedora Update Notification
2023-11-29 01:27:58.698482

Name : openvpn
Product : Fedora 38
Version : 2.6.8
Release : 1.fc38
URL : https://community.openvpn.net/
Summary : A full-featured TLS VPN solution (beta release)
Description :
OpenVPN is a robust and highly flexible tunneling application that uses all
of the encryption, authentication, and certification features of the
OpenSSL library to securely tunnel IP networks over a single UDP or TCP
port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library
for compression.

Update Information:

This is an extended update of the OpenVPN 2.6.7 release which contains security
fixes for CVE-2023-46849 and CVE-2023-46850. That release had a regression
causing the `openvpn` daemon to segfault frequently; which is why the 2.6.7
release was pulled. This 2.6.8 release contains a fix for the regression issue
as well.

* Mon Nov 20 2023 David Sommerseth [davids@openvpn.net] - 2.6.8-1
- Update to upstream OpenPVN 2.6.7
- Fixes a regression from 2.6.7 resulting in a SIGSEGV (GitHub#449)
* Thu Nov 9 2023 David Sommerseth [davids@openvpn.net] - 2.6.7-1
- Update to upstream OpenVPN 2.6.7
- Fixes CVE-2023-46849, CVE-2023-46850
- Fix false exit status on pre runtime scriptlet (Elkhan Mammadli [elkhan@almalinux.org], RHBZ#2239722)
- Fix regression of systemctl scriptlet globbing issues (RHBZ#1887984); reintroduced in openvpn-2.6.0-1

[ 1 ] Bug #2250097 - CVE-2023-46849 openvpn: Use of --fragment option can lead to a division by zero error [fedora-all]
[ 2 ] Bug #2250100 - CVE-2023-46850 openvpn: Incorrect use of send buffer can cause memory to be sent to peer [fedora-all]
[ 3 ] Bug #2250513 - openvpn-2.6.8 is available

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-e4df33666c' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at