Advisories » MGASA-2014-0512

Updated openvpn package fixes CVE-2014-8104

Publication date: 05 Dec 2014
Modification date: 05 Dec 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-8104

Description

Updated openvpn packages fix security vulnerability:

Dragana Damjanovic discovered that OpenVPN incorrectly handled certain control
channel packets. An authenticated attacker could use this issue to cause an
OpenVPN server to crash, resulting in a denial of service (CVE-2014-8104).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=14714
• http://www.ubuntu.com/usn/usn-2430-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8104

SRPMS

4/core

• openvpn-2.3.2-3.1.mga4