OpenVPN update and version

[lawson23]

How do I update the OpenVPN install on my raspberryPi?

How do I check the installed version of OpenVPN server?

[rpdom]

How do I update the OpenVPN install on my raspberryPi?

To get any software updates for your current system, run

Code: Select all

apt-get update && apt-get -y dist-upgrade

How do I check the installed version of OpenVPN server?

There are a number of ways. An easy way is to use apt-cache policy, like this

Code: Select all

pi@raspi6 ~ $ apt-cache policy openvpn
openvpn:
  Installed: 2.3.4-5+deb8u1
  Candidate: 2.3.4-5+deb8u1
  Version table:
 *** 2.3.4-5+deb8u1 0
        500 http://mirrordirector.raspbian.org/raspbian/ jessie/main armhf Packages
        100 /var/lib/dpkg/status

That shows that I have version 2.3.4-5 with Debian security fixes update 1 installed.

[lawson23]

rpdom,
Thank you very much as this answers my questions but...

The reason I asked about how to update pi and software like openvpn is two reasons.
One I have been running the commands as you suggested already and the issue is I can run them and run them again immediately and it says there are all these updates to run.
Two using your command I'm running openvpn Installed: 2.3.4-5+deb8u2 but the latest is 2.4.3 or 2.3.17. So I'm guessing this is because of where I'm getting the packages from do not hold the latest versions. I wanted to update because of the security issues just fixed in OpenVPN a few days ago.

[lawson23]

Third time in 24 hours I guess was the charm on updating it is no longer seeing any updates needed. You may ignore that part of my last post.

0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

[rpdom]

using your command I'm running openvpn Installed: 2.3.4-5+deb8u2 but the latest is 2.4.3 or 2.3.17. So I'm guessing this is because of where I'm getting the packages from do not hold the latest versions. I wanted to update because of the security issues just fixed in OpenVPN a few days ago.

The fixes for that issue are included in version 2.3.4-5+deb8u2. Looking at the latest entry in the Debian changelog /usr/share/doc/openvpn/changelog.Debian.gz:

Code: Select all

openvpn (2.3.4-5+deb8u2) jessie-security; urgency=high

  * SECURITY UPDATE: authenticated remote DoS vulnerability due to
    packet ID rollover. CVE-2017-7479.
    Kudos to Steve Beattie <sbeattie@ubuntu.com> for doing all the backporting
    work for this patch.
    - debian/patches/CVE-2017-7479-prereq.patch: merge
      packet_id_alloc_outgoing() into packet_id_write()
    - debian/patches/CVE-2017-7479.patch: do not assert when packet ID
      rollover occurs
  * SECURITY UPDATE: (Closes: #865480)
    - CVE-2017-7508.patch. Fix remotely-triggerable ASSERT() on malformed IPv6
      packet.
    - CVE-2017-7520.patch. Prevent two kinds of stack buffer OOB reads and a
      crash for invalid input data.
    - CVE-2017-7521.patch. Fix potential double-free in --x509-alt-username.
    - CVE-2017-7521bis.patch. Fix remote-triggerable memory leaks.

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Thu, 22 Jun 2017 17:25:13 +0200

Debian sticks to older version of software because they are proved to be stable and suddenly updating can break things when options change. However, when any security related changes are made they also apply them to the old versions and add a "+debXuY" on the end of the version. X=8 for Debian/Raspbian 8 Jessie, and Y starts at 1 and increments with every fix added.

Thanks for letting me know that the updated version has been released. I've just upgraded mine

[lawson23]

Thanks for all the valuable information!