-rw-r--r-- | security/vuxml/vuln.xml | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 1366a6e6aee5..86329930dca5 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -497,14 +497,14 @@ Note: Please add new entries to the beginning of this file. <body xmlns="http://www.w3.org/1999/xhtml"> <p>The OpenVPN project reports:</p> <blockquote cite="https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.1"> - <p>[OpenVPN 2.3.1 adds a fix to prevent potential side-channel - attacks by switching to a] constant time memcmp when comparing HMACs in [the] openvpn_decrypt [function].</p> + <p>OpenVPN 2.3.0 and earlier running in UDP mode are subject + to chosen ciphertext injection due to a non-constant-time + HMAC comparison function.</p> </blockquote> </body> </description> <references> - <url>https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.1</url> - <url>http://openvpn.git.sourceforge.net/git/gitweb.cgi?p=openvpn/openvpn-testing.git;a=commit;h=11d21349a4e7e38a025849479b36ace7c2eec2ee</url> + <url>https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-f375aa67cc</url> </references> <dates> <discovery>2013-03-19</discovery> |
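Review bot: the unchanged context line `<blockquote cite="https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.1">` still cites the changelog page, but the quoted paragraph is replaced and the only `<url>` left in `<references>` is the SecurityAnnouncement-f375aa67cc page. If the new wording is taken from that announcement, the `cite` attribute should be changed to the same URL so the quote and its attribution agree. Separately, the `<references>` change drops both the changelog link and the upstream commit link (h=11d21349a4e7e38a025849479b36ace7c2eec2ee); the new text no longer names the fix (the constant-time memcmp in openvpn_decrypt), so consider keeping the commit URL alongside the announcement so readers can still trace the entry to the actual code change.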