Main Vulnerability Database SB2016082307

SB2016082307 - Fedora 25 update for openvpn

Published: August 23, 2016 Updated: April 24, 2025

Security Bulletin ID SB2016082307

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Access control error (CVE-ID: CVE-2016-6329)

The vulnerability allows attackers to gain access to potentially sensitive information.

The vulnerability exists due to capturing of long duration Blowfish CBC mode encrypted TLS session. Repeated sending of communication protocol with parts of the plaintext helps attackers to reconstruct the secret information.

Successful exploitation of this vulnerability may allow a remote attacker to access potentially sensitive data.

Remediation

Install update from vendor's website.

References

https://bodhi.fedoraproject.org/updates/FEDORA-2016-81d6e6a9ac