Univention Bugzilla – Bug 37239
openvpn: Denial of service (ES 3.1)
Last modified: 2015-09-03 12:58:55 CEST
CVE-2014-8104 OpenVPN clients using TLS authentication can crash the server by sending a malicious control channel packet to the server, resulting in denial of service.
Created attachment 7145 [details] 3.1-openvpn.txt
repo_admin.py -U -p openvpn -d squeeze-lts -r 3.1-0-0 -s extsec3.1 openvpn has been built. The new package should be between the old UCS 3.1 package and the UCS 3.2 package.
The update seems to fix CVE-2013-2061 too, please update the advisory accordingly. Advisory: otherwise OK Changelog: OK Tests (amd64): OK
Created attachment 7153 [details] 3.1-openvpn.txt
(In reply to Janek Walkenhorst from comment #3) > The update seems to fix CVE-2013-2061 too, please update the advisory > accordingly. Done.
(In reply to Stefan Gohmann from comment #5) > (In reply to Janek Walkenhorst from comment #3) > > The update seems to fix CVE-2013-2061 too, please update the advisory > > accordingly. > > Done. OK
Published