Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 24 Jun 2015 11:46:51 +0200
From: Sebastian Krahmer <krahmer@...e.com>
To: oss-security@...ts.openwall.com
Subject: OpenVPN hardening patches

Hi

As required per list policy, I am forwarding the patch that
I sent to distros list two weeks ago, as well as to upstream.

It is available here:

https://bugzilla.suse.com/show_bug.cgi?id=934237

I am still discussing some points with upstream, but most of the issues
should have no/little impact; for example the FD_SETSIZE checks are good
to have but mostly appear on client side code that should not outrun
the fdset; or the _exit() in the assert is in place just to ensure
termination in case someone "creates" an non-exit path in the msg(M_FATAL)
function by changing the muting-code or alike.

I am not requesting any CVEs.

Sebastian

-- 

~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer@...e.com - SuSE Security Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ