It was discovered that there were multiple out-of-bounds memory read
vulnerabilities in openvpn, a popular virtual private network (VPN) daemon.
If clients used a HTTP proxy with NTLM authentication, a man-in-the-middle
attacker could cause the client to crash or disclose at most 96 bytes of stack
memory, likely to contain the proxy password.
For Debian 7 "Wheezy", this issue has been fixed in openvpn version
We recommend that you upgrade your openvpn packages.
Chris Lamb, Debian Project Leader
`. `'` firstname.lastname@example.org