OpenVPN: Denial of service

Background OpenVPN is a multi-platform, full-featured SSL VPN solution. Description OpenVPN does not properly handle control channel packets that are too small. Impact A remote authenticated attacker could send a specially crafted control channel packet, possibly resulting in a Denial of Service...

Amazon Linux AMI : openvpn (ALAS-2014-459)

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service server crash via a small control channel packet. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

Fedora 19 : openvpn-2.3.6-1.fc19 / pkcs11-helper-1.11-3.fc19 (2014-16234)

Fix for CVE-2014-8104. https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e 732b Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...

Fedora 20 : openvpn-2.3.6-1.fc20 / pkcs11-helper-1.11-3.fc20 (2014-16273)

Fix for CVE-2014-8104. https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e 732b Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...

Mandriva Linux Security Advisory : openvpn (MDVSA-2014:246)

Updated openvpn packages fix security vulnerability : Dragana Damjanovic discovered that OpenVPN incorrectly handled certain control channel packets. An authenticated attacker could use this issue to cause an OpenVPN server to crash, resulting in a denial of service CVE-2014-8104. The openvpn...

Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : openvpn (SSA:2014-344-04)

New openvpn packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2014-344-04. The text...

Fedora 21 : openvpn-2.3.6-1.fc21 (2014-16060)

Fix for CVE-2014-8104. https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e 732b Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...

Fedora Update for openvpn FEDORA-2014-16234

Check the version of openvpn SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868594";...

Fedora Update for openvpn FEDORA-2014-16273

Check the version of openvpn SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868587";...

[SECURITY] Fedora 20 Update: openvpn-2.3.6-1.fc20

OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumer's LZO library for...

[SECURITY] Fedora 19 Update: openvpn-2.3.6-1.fc19

OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumer's LZO library for...

[SECURITY] Fedora 21 Update: openvpn-2.3.6-1.fc21

OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumer's LZO library for...

[slackware-security] openvpn

New openvpn packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/openvpn-2.3.6-i486-1slack14.1.txz: Upgraded. This update fixes a security issue that allows remote...

Medium: openvpn

Issue Overview: OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service server crash via a small control channel packet. Affected Packages: openvpn Issue Correction: Run yum update openvpn or yum update --advisory...

openSUSE Security Update : openvpn (openSUSE-SU-2014:1594-1)

openvpn was updated to fix a denial-of-service vulnerability where an authenticated client could stop the server by triggering a server-side ASSERT bnc907764,CVE-2014-8104, %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...

SuSE 11.3 Security Update : OpenVPN (SAT Patch Number 10061)

This update fixes a critical denial of service vulnerability in OpenVPN : - Critical denial of service vulnerability in OpenVPN servers that can be triggered by authenticated attackers. Also an incompatibility with OpenVPN and OpenSSL in FIPS mode has been fixed. bnc895882. CVE-2014-8104...

openSUSE: Security Advisory for openvpn (openSUSE-SU-2014:1594-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security update for openvpn (important)

openvpn was updated to fix a denial-of-service vulnerability where an authenticated client could stop the server by triggering a server-side ASSERT bnc907764,CVE-2014-8104,...

MGASA-2014-0512 Updated openvpn package fixes CVE-2014-8104

Updated openvpn packages fix security vulnerability: Dragana Damjanovic discovered that OpenVPN incorrectly handled certain control channel packets. An authenticated attacker could use this issue to cause an OpenVPN server to crash, resulting in a denial of service CVE-2014-8104...

Updated openvpn package fixes CVE-2014-8104

Updated openvpn packages fix security vulnerability: Dragana Damjanovic discovered that OpenVPN incorrectly handled certain control channel packets. An authenticated attacker could use this issue to cause an OpenVPN server to crash, resulting in a denial of service CVE-2014-8104...