
[SECURITY] [DLA 999-1] openvpn security update



Package        : openvpn
Version        : 2.2.1-8+deb7u5
CVE ID         : CVE-2017-7520
Debian Bug     : #865480

It was discovered that there were multiple out-of-bounds memory read
vulnerabilities in openvpn, a popular virtual private network (VPN) daemon.

If clients used an HTTP proxy with NTLM authentication, a man-in-the-middle
attacker could cause the client to crash or disclose at most 96 bytes of stack
memory, likely to contain the proxy password.

For Debian 7 "Wheezy", this issue has been fixed in openvpn version
2.2.1-8+deb7u5.

We recommend that you upgrade your openvpn packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb, Debian Project Leader
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-


