Medium: openvpn

2014-12-10T13:27:00
ID ALAS-2014-459
Type amazon
Reporter Amazon
Modified 2014-12-10T13:27:00

Description

Issue Overview:

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.

Affected Packages:

openvpn

Issue Correction:
Run yum update openvpn to update your system.

New Packages:

i686:  
    openvpn-debuginfo-2.3.6-1.12.amzn1.i686  
    openvpn-2.3.6-1.12.amzn1.i686

src:  
    openvpn-2.3.6-1.12.amzn1.src

x86_64:  
    openvpn-debuginfo-2.3.6-1.12.amzn1.x86_64  
    openvpn-2.3.6-1.12.amzn1.x86_64