[3.7] tinc: Multiple issues (CVE-2018-16737, CVE-2018-16738, CVE-2018-16758)
CVE-2018-16737: tinc 1.0.29 and earlier allow an oracle attack that
could allow a remote attacker to establish one-way communication
with a tinc node, allowing it to send fake control messages and inject
packets into the VPN. The attack takes only a few seconds to complete.
Tinc 1.1pre14 and earlier allow the same attack if they are configured
to allow connections from nodes using the legacy 1.0.x protocol.
Fixed In Version:
tinc 1.0.35
References:
https://www.tinc-vpn.org/security/
Patch:
http://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a
CVE-2018-16738: tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation.
Fixed In Version:
tinc 1.0.35
References:
https://www.tinc-vpn.org/security/
Patch:
https://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a
CVE-2018-16758: Missing message authentication in the meta-protocol
in Tinc VPN version 1.0.34 and earlier
allows a man-in-the-middle attack to disable the encryption of VPN
packets.
Fixed In Version:
tinc 1.0.35
References:
https://www.tinc-vpn.org/security/
Patch:
https://www.tinc-vpn.org/git/browse?p=tinc;a=patch;h=e97943b7cc9c851ae36f5a41e2b6102faa74193f
(from redmine: issue id 9841, created on 2019-01-10, closed on 2019-02-19)
- Relations:
- parent #9839 (closed)
- Changesets:
- Revision 4bae97cf on 2019-02-04T08:27:08Z:
main/tinc: security upgrade 1.0.35
CVE-2018-16738, CVE-2018-16758
Fixes #9841