Start pinning openvpn versions & upgrade to openvpn 2.4.3

pieterlange · pieterlange · commit 3bbce7e7cc43 · 2017-06-23T10:45:43.000+02:00
fix: CVE-2017-7508 Remotely-triggerable ASSERT() on malformed IPv6 packet CVE-2017-7520 Pre-authentication remote crash/information disclosure CVE-2017-7521 Remote-triggerable memory leaks / potential double-free CVE-2017-7522 Post-authentication remote DoS with --x509-track
diff --git a/Dockerfile b/Dockerfile
@@ -5,7 +5,8 @@ MAINTAINER Pieter Lange <pieter@ptlc.nl>
 
 RUN echo "http://dl-cdn.alpinelinux.org/alpine/edge/community/" >> /etc/apk/repositories && \
     echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing/" >> /etc/apk/repositories && \
-    apk add --update openvpn bash easy-rsa libintl inotify-tools openvpn-auth-pam google-authenticator pamtester && \
+    apk add --update openvpn=2.4.3-r0 \
+      bash easy-rsa libintl inotify-tools openvpn-auth-pam google-authenticator pamtester && \
     apk add --virtual temppkg gettext &&  \
     cp /usr/bin/envsubst /usr/local/bin/envsubst && \
     ln -s /usr/share/easy-rsa/easyrsa /usr/local/bin && \
