From: Mandriva Security Team <security@mandriva.com.>
To: [email protected]Subject: MDKSA-2005:145 - Updated openvpn packages fix several vulnerabilities
Message-Id: <E1E7Mu6-0001gN-PZ@mercury.mandriva.com.>
Sender: QATeam User <qateam@mercury.mandriva.com.>
Date: Mon, 22 Aug 2005 18:44:38 -0600
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: openvpn
Advisory ID: MDKSA-2005:145
Date: August 22nd, 2005
Affected versions: Multi Network Firewall 2.0
______________________________________________________________________
Problem Description:
A number of vulnerabilities were discovered in OpenVPN that were fixed
in the 2.0.1 release:
A DoS attack against the server when run with "verb 0" and without
"tls-auth" when a client connection to the server fails certificate
verification, the OpenSSL error queue is not properly flushed. This
could result in another unrelated client instance on the server seeing
the error and responding to it, resulting in a disconnection of the
unrelated client (CAN-2005-2531).
A DoS attack against the server by an authenticated client that sends
a packet which fails to decrypt on the server, the OpenSSL error queue
was not properly flushed. This could result in another unrelated
client instance on the server seeing the error and responding to it,
resulting in a disconnection of the unrelated client (CAN-2005-2532).
A DoS attack against the server by an authenticated client is possible
in "dev tap" ethernet bridging mode where a malicious client could
theoretically flood the server with packets appearing to come from
hundreds of thousands of different MAC addresses, resulting in the
OpenVPN process exhausting system virtual memory (CAN-2005-2533).
If two or more client machines tried to connect to the server at the
same time via TCP, using the same client certificate, a race condition
could crash the server if --duplicate-cn is not enabled on the server
(CAN-2005-2534).
This update provides OpenVPN 2.0.1 which corrects these issues as well
as a number of other bugs.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2531http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2532http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2533http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2534
______________________________________________________________________
Updated Packages:
Multi Network Firewall 2.0:
20daf4b6f9dbc1c53f3b4f4d375262d4 mnf/2.0/RPMS/openvpn-2.0.1-0.1.M20mdk.i586.rpm
a92bbc0c8285fecfbe3f439d18a62580 mnf/2.0/SRPMS/openvpn-2.0.1-0.1.M20mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFDCnF2mqjQ0CJFipgRAncMAJ9HH4kwuZzIMOYfijt1PO9Q2K7ZVQCg70j+
r9EN5k2ZS+HuS3TwSzt1yaA=
=OHbk
-----END PGP SIGNATURE-----