Package
: openvpn
Version
: 2.2.1-8+deb7u5
CVE ID
: CVE-2017-7520
Debian Bug
: #865480
It was discovered that there were multiple out-of-bounds memory read
vulnerabilities in openvpn, a popular virtual private network (VPN) daemon.
If clients used a HTTP proxy with NTLM authentication, a man-in-the-middle
attacker could cause the client to crash or disclose at most 96 bytes of stack
memory, likely to contain the proxy password.
For Debian 7 "Wheezy", this issue has been fixed in openvpn version
2.2.1-8+deb7u5.
We recommend that you upgrade your openvpn packages.
Regards,
--
,''`.
: :'
:
Chris Lamb, Debian Project Leader
`. `'`
lamby@debian.org /
chris-lamb.co.uk `-