Hi,

You may have read that the sky is falling (it's not) related to a possible integer overflow with the LZO compression library: CVE-2014-4607

The saving grace is that the buffer passed to the LZO code needs to be 16 MB or greater to cause a problem. Here is the OpenVPN developers' response:

"We have discussed this vulnerability and came to the conclusion that OpenVPN is not affected..."

Vulnerability in bundled LZO compression code
https://community.openvpn.net/openvpn/ticket/419

The next release of AstLinux will include the latest LZO library with CVE-2014-4607 fixed, as we should.

At this given time, it does not appear recent versions of AstLinux have any exploitable LZO vulnerability.

If anyone has a thought where a hidden LZO vulnerability could exist, please *privately* contact one of the developers here. We will be looking as well.

Keep it secure,
The AstLinux Team

_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users