Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 523
Alerts This Week
Warning Icon 1 523

Ubuntu 12.04 LTS USN-2368-1 Critical: OpenVPN Network Exposure Risk

ubuntu
Calendar Grey October 2, 2014
Scroller Ubuntu
Ubuntu 2369-2 resolves a vulnerability in OpenVPN that can potentially leak sensitive network data during certain types of cyber attacks.
OpenVPN could be made to expose sensitive information over the network.

Summary

OpenVPN could be made to expose sensitive information over the network.

Software Description:

- openvpn: virtual private network software

Details:

It was discovered that OpenVPN incorrectly handled HMAC comparisons when

running in UDP mode. If a remote attacker were able to perform a

man-in-the-middle attack, this flaw could possibly be used to perform a

plaintext recovery attack.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
  openvpn                         2.2.1-8ubuntu1.3

In general, a standard system update will make all the necessary changes.

References

CVE-2013-2061

Severity
critical
Lowest
Low
Medium
High
Critical

October 02, 2014

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.