[auton-users] Important Upgrade of OpenVPN Client
Michael J. Baysek
mjbaysek at cs.cmu.edu
Mon Oct 2 13:37:54 EDT 2006
Hello Lab,
This message is related to a very important update to your OpenVPN
Client for Windows. There is a security flaw in versions < 2.0.9 that
could expose you to a DoS attack, or a compromise.
If you run Linux, the updates necessary to perform this upgrade are
installed if you update from your package manager. If you are running
The Auton Build 2006 (FC4), or Auton Build 2007 (Ubuntu 6.06), these
updates will be installed automatically.
If you are running the OpenVPN client on your Windows machine, please
visit the link below. Since there is no auto-updater for this program
under Windows, you must download and run the Windows Installer from the
link below to update to the latest version.
If you were setup to access BigPapa as a Network drive, you will
definitely need to perform this upgrade.
http://openvpn.net/download.html
Please reboot your machine after the upgrade.
--
Michael J. Baysek, Systems Analyst
Carnegie Mellon University - Auton Lab
www.cmu.edu - www.autonlab.org
412-268-8939
-------- Original Message --------
Subject: [SA22232] OpenVPN Multiple Vulnerabilities
Date: 2 Oct 2006 15:18:25 -0000
From: Secunia Security Advisories <sec-adv at secunia.com>
To: mjbaysek at cs.cmu.edu
----------------------------------------------------------------------
Want to work within IT-Security?
Secunia is expanding its team of highly skilled security experts.
We will help with relocation and obtaining a work permit.
Currently the following type of positions are available:
http://secunia.com/quality_assurance_analyst/
http://secunia.com/web_application_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
----------------------------------------------------------------------
TITLE:
OpenVPN Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA22232
VERIFY ADVISORY:
http://secunia.com/advisories/22232/
CRITICAL:
Highly critical
IMPACT:
DoS, System access
WHERE:
>From remote
SOFTWARE:
OpenVPN 2.x
http://secunia.com/product/5568/
DESCRIPTION:
Some vulnerabilities have been reported in OpenVPN, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise a vulnerable system.
The OpenVPN Windows Installer prior to 2.0.9 includes vulnerable
versions of the OpenSSL DLL files.
For more information:
SA22130
SOLUTION:
Update to version 2.0.9.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://openvpn.net/changelog.html
OTHER REFERENCES:
SA21846:
http://secunia.com/advisories/21846/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=mjbaysek%40cs.cmu.edu
----------------------------------------------------------------------
More information about the Autonlab-users
mailing list