Univention Bugzilla – Attachment 7153 Details for
Bug 37239
openvpn: Denial of service (ES 3.1)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
3.1-openvpn.txt
3.1-openvpn.txt (text/plain), 992 bytes, created by
Stefan Gohmann
on 2015-09-03 06:03:04 CEST
(
hide
)
Description:
3.1-openvpn.txt
Filename:
MIME Type:
Creator:
Stefan Gohmann
Created:
2015-09-03 06:03:04 CEST
Size:
992 bytes
patch
obsolete
>A new update is available for Univention Corporate Server 3.1 as >part of the extended security maintenance. >It addresses the following issues: > >Program component: openvpn >Reference: CVE-2014-8104 CVE-2013-2061 >Fixed version: 2.1.3-2.22.201508311636 > >The following issues have been fixed: >* OpenVPN clients using TLS authentication could crash the server by > sending a malicious control channel packet to the server, resulting > in denial of service (CVE-2014-8104). >* When running in UDP mode, OpenVPN allows remote attackers to obtain > sensitive information via a timing attack involving an HMAC comparison > function that does not run in constant time and a padding oracle attack > on the CBC mode cipher (CVE-2013-2061). > > >-- >Univention GmbH >be open. >Mary-Somerville-Str.1 >28359 Bremen >Tel. : +49 421 22232-0 >Fax : +49 421 22232-99 > ><info@univention.de> >http://www.univention.de/ > >Geschäftsführer: Peter H. Ganten >HRB 20755 Amtsgericht Bremen >Steuer-Nr.: 71-597-02876
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=7153">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 37239
:
7145
| 7153