[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]


Ian Jackson
Principal System Administrator
FC12 8329 B73D 0292 6AE9  7D36 A6EC F996 7BEC 92

On Jun 22, 2017, at 4:53 PM, Chris Lamb <lamby@debian.org> wrote:

Signed PGP part
Package        : openvpn
Version        : 2.2.1-8+deb7u5
CVE ID         : CVE-2017-7520
Debian Bug     : #865480

It was discovered that there were multiple out-of-bounds memory read
vulnerabilities in openvpn, a popular virtual private network (VPN) daemon.

If clients used a HTTP proxy with NTLM authentication, a man-in-the-middle
attacker could cause the client to crash or disclose at most 96 bytes of stack
memory, likely to contain the proxy password.

For Debian 7 "Wheezy", this issue has been fixed in openvpn version

We recommend that you upgrade your openvpn packages.


     : :'  :     Chris Lamb, Debian Project Leader
     `. `'`      lamby@debian.org / chris-lamb.co.uk

Attachment: signature.asc
Description: Message signed with OpenPGP

Reply to: