From mjbaysek at cs.cmu.edu  Mon Oct  2 13:37:54 2006
From: mjbaysek at cs.cmu.edu (Michael J. Baysek)
Date: Mon, 02 Oct 2006 13:37:54 -0400
Subject: [auton-users] Important Upgrade of OpenVPN Client
Message-ID: <45214E72.2050304@cs.cmu.edu>

Hello Lab,

This message is related to a very important update to your OpenVPN 
Client for Windows.  There is a security flaw in versions < 2.0.9 that 
could expose you to a DoS attack, or a compromise. 

If you run Linux, the updates necessary to perform this upgrade are 
installed if you update from your package manager.  If you are running 
The Auton Build 2006 (FC4), or Auton Build 2007 (Ubuntu 6.06), these 
updates will be installed automatically.

If you are running the OpenVPN client on your Windows machine, please 
visit the link below.  Since there is no auto-updater for this program 
under Windows, you must download and run the Windows Installer from the 
link below to update to the latest version.

If you were setup to access BigPapa as a Network drive, you will 
definitely need to perform this upgrade. 

http://openvpn.net/download.html

Please reboot your machine after the upgrade.

-- 
Michael J. Baysek, Systems Analyst
Carnegie Mellon University - Auton Lab
www.cmu.edu - www.autonlab.org
412-268-8939



-------- Original Message --------
Subject: 	[SA22232] OpenVPN Multiple Vulnerabilities
Date: 	2 Oct 2006 15:18:25 -0000
From: 	Secunia Security Advisories <sec-adv at secunia.com>
To: 	mjbaysek at cs.cmu.edu



----------------------------------------------------------------------

Want to work within IT-Security?

Secunia is expanding its team of highly skilled security experts.
We will help with relocation and obtaining a work permit.

Currently the following type of positions are available:
http://secunia.com/quality_assurance_analyst/
http://secunia.com/web_application_security_specialist/ 
http://secunia.com/hardcore_disassembler_and_reverse_engineer/

----------------------------------------------------------------------

TITLE:
OpenVPN Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA22232

VERIFY ADVISORY:
http://secunia.com/advisories/22232/

CRITICAL:
Highly critical

IMPACT:
DoS, System access

WHERE:
>From remote

SOFTWARE:
OpenVPN 2.x
http://secunia.com/product/5568/

DESCRIPTION:
Some vulnerabilities have been reported in OpenVPN, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise a vulnerable system.

The OpenVPN Windows Installer prior to 2.0.9 includes vulnerable
versions of the OpenSSL DLL files.

For more information:
SA22130

SOLUTION:
Update to version 2.0.9.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://openvpn.net/changelog.html

OTHER REFERENCES:
SA21846:
http://secunia.com/advisories/21846/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=mjbaysek%40cs.cmu.edu

----------------------------------------------------------------------