[SECURITY] [DLA 999-1] openvpn security update

Package        : openvpn
Version        : 2.2.1-8+deb7u5
CVE ID         : CVE-2017-7520
Debian Bug     : #865480

It was discovered that there were multiple out-of-bounds memory read
vulnerabilities in openvpn, a popular virtual private network (VPN) daemon.

If clients used an HTTP proxy with NTLM authentication, a man-in-the-middle
attacker could cause the client to crash or disclose at most 96 bytes of stack
memory, likely to contain the proxy password.

For Debian 7 "Wheezy", this issue has been fixed in openvpn version
2.2.1-8+deb7u5.

We recommend that you upgrade your openvpn packages.

Regards,

--
      ,''`.
     : :' :     Chris Lamb, Debian Project Leader
     `. `'`     lamby@debian.org / chris-lamb.co.uk
       `-
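
One way to check a client for the condition described in this advisory, as an added example that is not part of the advisory or of OpenVPN: it reads the http-proxy directive (syntax as in the OpenVPN manual) and compares the installed package against the fixed version. The hostnames, file paths and function names are constructed for illustration, and flagging the "auto" modes for review is an assumption.

```shell
#!/bin/sh
# Added example, not from the advisory. FIXED is the version the advisory names.
FIXED='2.2.1-8+deb7u5'

# Classify one OpenVPN config by its http-proxy directive:
#   ntlm  explicit NTLM auth-method (the condition the advisory names)
#   auto  auth method chosen at runtime; review (assumption: proxy may offer NTLM)
#   no    no http-proxy directive that selects NTLM
proxy_ntlm_exposure() {
    awk '
        { sub(/[#;].*/, "") }                      # drop comments
        $1 == "http-proxy" {
            m = tolower($5)                        # optional auth-method field
            if (m == "ntlm" || m == "ntlm2") r = "ntlm"
            else if (r != "ntlm" && ($4 == "auto" || $4 == "auto-nct")) r = "auto"
        }
        END { print (r == "" ? "no" : r) }
    ' "$1"
}

# Exit status 0 when the given package version predates the fixed one.
# Uses dpkg, so it only works on a Debian-family host.
version_is_unfixed() {
    dpkg --compare-versions "$1" lt "$FIXED"
}

# Report on the installed package and on every config file passed in.
report() {
    if command -v dpkg-query >/dev/null 2>&1; then
        v=$(dpkg-query -W -f='${Version}' openvpn 2>/dev/null) || v=''
        if [ -n "$v" ] && version_is_unfixed "$v"; then
            echo "openvpn $v is older than $FIXED"
        fi
    fi
    for f in "$@"; do
        echo "$f: $(proxy_ntlm_exposure "$f")"
    done
}

# Constructed sample config, so the example runs without a real deployment.
sample=$(mktemp)
cat > "$sample" <<'EOF'
client
remote vpn.example.org 1194   # constructed hostname
http-proxy proxy.example.org 3128 /etc/openvpn/proxy.auth ntlm
EOF
report "$sample"
rm -f "$sample"
```

A result of "ntlm" on a host that also reports a version older than the fixed one means the client matches both conditions in the advisory.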