Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 24 Jun 2015 11:46:51 +0200
From: Sebastian Krahmer <>
Subject: OpenVPN hardening patches


As required per list policy, I am forwarding the patch that
I sent to distros list two weeks ago, as well as to upstream.

It is available here:

I am still discussing some points with upstream, but most of the issues
should have no/little impact; for example the FD_SETSIZE checks are good
to have but mostly appear on client side code that should not outrun
the fdset; or the _exit() in the assert is in place just to ensure
termination in case someone "creates" an non-exit path in the msg(M_FATAL)
function by changing the muting-code or alike.

I am not requesting any CVEs.



~ perl
~ $_='print"\$_=\47$_\47;eval"';eval
~ - SuSE Security Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.