lawson23
Posts: 7
Joined: Sat Nov 05, 2016 3:13 pm

OpenVPN update and version

Wed Jun 28, 2017 11:18 pm

How do I update the OpenVPN install on my raspberryPi?

How do I check the installed version of OpenVPN server?

User avatar
rpdom
Posts: 17275
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: OpenVPN update and version

Thu Jun 29, 2017 5:26 am

lawson23 wrote:How do I update the OpenVPN install on my raspberryPi?
To get any software updates for your current system, run

Code: Select all

apt-get update && apt-get -y dist-upgrade
How do I check the installed version of OpenVPN server?
There are a number of ways. An easy way is to use apt-cache policy, like this

Code: Select all

pi@raspi6 ~ $ apt-cache policy openvpn
openvpn:
  Installed: 2.3.4-5+deb8u1
  Candidate: 2.3.4-5+deb8u1
  Version table:
 *** 2.3.4-5+deb8u1 0
        500 http://mirrordirector.raspbian.org/raspbian/ jessie/main armhf Packages
        100 /var/lib/dpkg/status
That shows that I have version 2.3.4-5 with Debian security fixes update 1 installed.

lawson23
Posts: 7
Joined: Sat Nov 05, 2016 3:13 pm

Re: OpenVPN update and version

Thu Jun 29, 2017 11:41 am

rpdom,
Thank you very much as this answers my questions but...

The reason I asked about how to update pi and software like openvpn is two reasons.
One I have been running the commands as you suggested already and the issue is I can run them and run them again immediately and it says there are all these updates to run.
Two using your command I'm running openvpn Installed: 2.3.4-5+deb8u2 but the latest is 2.4.3 or 2.3.17. So I'm guessing this is because of where I'm getting the packages from do not hold the latest versions. I wanted to update because of the security issues just fixed in OpenVPN a few days ago.

lawson23
Posts: 7
Joined: Sat Nov 05, 2016 3:13 pm

Re: OpenVPN update and version

Thu Jun 29, 2017 11:44 am

Third time in 24 hours I guess was the charm on updating it is no longer seeing any updates needed. You may ignore that part of my last post.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

User avatar
rpdom
Posts: 17275
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: OpenVPN update and version

Thu Jun 29, 2017 3:57 pm

lawson23 wrote:using your command I'm running openvpn Installed: 2.3.4-5+deb8u2 but the latest is 2.4.3 or 2.3.17. So I'm guessing this is because of where I'm getting the packages from do not hold the latest versions. I wanted to update because of the security issues just fixed in OpenVPN a few days ago.
The fixes for that issue are included in version 2.3.4-5+deb8u2. Looking at the latest entry in the Debian changelog /usr/share/doc/openvpn/changelog.Debian.gz:

Code: Select all

openvpn (2.3.4-5+deb8u2) jessie-security; urgency=high

  * SECURITY UPDATE: authenticated remote DoS vulnerability due to
    packet ID rollover. CVE-2017-7479.
    Kudos to Steve Beattie <sbeattie@ubuntu.com> for doing all the backporting
    work for this patch.
    - debian/patches/CVE-2017-7479-prereq.patch: merge
      packet_id_alloc_outgoing() into packet_id_write()
    - debian/patches/CVE-2017-7479.patch: do not assert when packet ID
      rollover occurs
  * SECURITY UPDATE: (Closes: #865480)
    - CVE-2017-7508.patch. Fix remotely-triggerable ASSERT() on malformed IPv6
      packet.
    - CVE-2017-7520.patch. Prevent two kinds of stack buffer OOB reads and a
      crash for invalid input data.
    - CVE-2017-7521.patch. Fix potential double-free in --x509-alt-username.
    - CVE-2017-7521bis.patch. Fix remote-triggerable memory leaks.

 -- Alberto Gonzalez Iniesta <agi@inittab.org>  Thu, 22 Jun 2017 17:25:13 +0200
Debian sticks to older version of software because they are proved to be stable and suddenly updating can break things when options change. However, when any security related changes are made they also apply them to the old versions and add a "+debXuY" on the end of the version. X=8 for Debian/Raspbian 8 Jessie, and Y starts at 1 and increments with every fix added.

Thanks for letting me know that the updated version has been released. I've just upgraded mine :-)

lawson23
Posts: 7
Joined: Sat Nov 05, 2016 3:13 pm

Re: OpenVPN update and version

Thu Jun 29, 2017 4:13 pm

Thanks for all the valuable information!

Return to “Networking and servers”