Debian 7 Wheezy DLA-999-1 Critical OpenVPN Memory Disclosure Threat
debian lts
June 22, 2017
It was discovered that there were multiple out-of-bounds memory read vulnerabilities in openvpn, a popular virtual private network (VPN) daemon
Summary
If clients used a HTTP proxy with NTLM authentication, a man-in-the-middle
attacker could cause the client to crash or disclose at most 96 bytes of stack
memory, likely to contain the proxy password.
For Debian 7 "Wheezy", this issue has been fixed in openvpn version
2.2.1-8+deb7u5.
We recommend that you upgrade your openvpn packages.
Regards,
- --
,'`.
: :' : Chris Lamb, Debian Project Leader
`. `'` lamby@debian.org / chris-lamb.co.uk
`-
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: openvpn
Version: 2.2.1-8+deb7u5
CVE ID: CVE-2017-7520
Debian Bug: #865480
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!