-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : openvpn Version : 2.2.1-8+deb7u5 CVE ID : CVE-2017-7520 Debian Bug : #865480
It was discovered that there were multiple out-of-bounds memory read vulnerabilities in openvpn, a popular virtual private network (VPN) daemon. If clients used a HTTP proxy with NTLM authentication, a man-in-the-middle attacker could cause the client to crash or disclose at most 96 bytes of stack memory, likely to contain the proxy password. For Debian 7 "Wheezy", this issue has been fixed in openvpn version 2.2.1-8+deb7u5. We recommend that you upgrade your openvpn packages. Regards, - -- ,''`. : :' : Chris Lamb, Debian Project Leader `. `'` la...@debian.org / chris-lamb.co.uk `- -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAllMLksACgkQHpU+J9Qx HlgNJg/9Esah0Kgg3eWE8bDaPUY030QNbTqFcHYa6Fw9+rLtHrqmAh0KVWEaL0F3 4s+nheyFvwf+lwo2e5bh8bvuGpxe1pwzbaOizXIzVpkJtnlz4zYRWqymxj2r/oY2 +W18U6j3TePJ1cSHp9AqVxtEVlH7f0kRwiDOvAEGW8XVRh+SpmubqWiHyzdD9GaM 1yafyLEVt+Pv+o6nE2jvUOP+iyTB456DiBrLuZKxTkl+pWIEcyxHVDJ/95rxYsHV O3CkpFOnLWlA4GsNe6chnFZTnlGv43P4K/vvYkHoRNUHE4MvfM604yUZmOPKCfXp y0QpYLdcXL2Y5btHt0dky4p5JPhBy61ehjdCH4554PnwOiOro93cmFwCC3sSF+AA r9eXdGgErOWi34yamorZyoZ5Pyea+Syza/iTI79bL8BE/BcEFtXPM324MwnWXpcw qP/SC5W52v+Ca+LIxPDrvlvfYVYvRtvI4axzwjBanGF68KswHhafxun7P6l+F1OP n+SnKUSiMk1/12T8sA4ircvioydPe5AxP5WykSwSntjnBM4Jd589LspKZDZBZaAi fWt8QxSphvL/4jD4JE8sF8aQCiCVO88Iizykv9mx5Hr0G7cfPEzxjKpoiAAqZLYw Y5v5htVwW81L05h48dg/Cm9PFD1ZwFMPzLha4V5ZE2mo7/NQGzI= =5coS -----END PGP SIGNATURE-----