Support / Security / Advisories / Multi Network Firewall 2.0 / MDKSA-2005:206

Package name: openvpn
Date: 2005-11-08
Advisory ID: MDKSA-2005:206
Affected versions: MNF2.0 i586

Problem description

Two Denial of Service vulnerabilities exist in OpenVPN. The first
allows a malicious or compromised server to execute arbitrary code
on the client (CVE-2005-3393). The second DoS can occur if when in
TCP server mode, OpenVPN received an error on accept(2) and the
resulting exception handler causes a segfault (CVE-2005-3409).

The updated packages have been patched to correct these problems.

Updated packages

MNF2.0 i586

 6d05d03341ef7c99bd0c044ac14383c7  mnf/2.0/RPMS/openvpn-2.0.1-0.2.M20mdk.i586.rpm
 8882e7500e1fb8a255f5f50885042608  mnf/2.0/SRPMS/openvpn-2.0.1-0.2.M20mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3393
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3409