digest

Subject: digest

From: Ian Jackson <ianjack@ren-isac.net>

Date: Fri, 14 Jul 2017 16:12:43 -0400

Message-id: <[🔎] 65FBACD3-CC76-4F13-A7A3-B98AB796D9BF@ren-isac.net>

In-reply-to: <1498164836.3924942.1018352872.143F338C@webmail.messagingengine.com>

References: <1498164836.3924942.1018352872.143F338C@webmail.messagingengine.com>

—
Ian Jackson
Principal System Administrator
REN-ISAC
ianjack@ren-isac.net
https://www.ren-isac.net
FC12 8329 B73D 0292 6AE9 7D36 A6EC F996 7BEC 92

On Jun 22, 2017, at 4:53 PM, Chris Lamb <lamby@debian.org> wrote:

Signed PGP part
Package        : openvpn
Version        : 2.2.1-8+deb7u5
CVE ID         : CVE-2017-7520
Debian Bug     : #865480

It was discovered that there were multiple out-of-bounds memory read
vulnerabilities in openvpn, a popular virtual private network (VPN) daemon.

If clients used a HTTP proxy with NTLM authentication, a man-in-the-middle
attacker could cause the client to crash or disclose at most 96 bytes of stack
memory, likely to contain the proxy password.

For Debian 7 "Wheezy", this issue has been fixed in openvpn version
2.2.1-8+deb7u5.

We recommend that you upgrade your openvpn packages.

Regards,

--
      ,''`.
     : :' :     Chris Lamb, Debian Project Leader
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

Attachment: signature.asc
Description: Message signed with OpenPGP

Reply to: