Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 12.04: USN-3339-2 Moderate: OpenVPN Denial of Service

ubuntu
Calendar Grey August 7, 2017
Dist Ubuntu Esm H88
Ubuntu Security Advisory USN-3340-1 addresses vulnerabilities in OpenVPN that could result in system crashes and unauthorized access to sensitive information.
Several security issues were fixed in OpenVPN.

Summary

Several security issues were fixed in OpenVPN.

Software Description:

- openvpn: virtual private network software

Details:

USN-3339-1 fixed several issues in OpenVPN. This update

provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

 Guido Vranken discovered that OpenVPN incorrectly handled an HTTP

 proxy with NTLM authentication. A remote attacker could use this issue

 to cause OpenVPN clients to crash, resulting in a denial of service,

 or possibly expose sensitive memory contents. (CVE-2017-7520)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  openvpn                         2.2.1-8ubuntu1.5

In general, a standard system update will make all the necessary
changes.

References

 

  https://ubuntu.com/security/notices/USN-3339-1

  CVE-2017-7520

August 07, 2017

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here