Debian Security Advisory
DLA-98-1 openvpn -- LTS security update
- Date Reported:
- 02 Dec 2014
- Affected Packages:
- openvpn
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2014-8104.
- More information:
-
Dragana Damjanovic discovered that an authenticated client could crash an OpenVPN server by sending a control packet containing less than four bytes as payload.
For the oldstable distribution (squeeze), this problem has been fixed in version 2.1.3-2+squeeze3 in squeeze-lts.
We recommend that you upgrade your openvpn packages.