Support / Sécurité / Annonces de sécurité / Multi Network Firewall 2.0 / MDKSA-2006:069

Nom du paquet: openvpn
Date: 2006-04-10
Advisory ID: MDKSA-2006:069
Affected versions: MNF2.0 i586 , 2006.0 i586 , 2006.0 x86_64

Problem description

A vulnerability in OpenVPN 2.0 through 2.0.5 allows a malicious server
to execute arbitrary code on the client by using setenv with the
LD_PRELOAD environment variable.

Updated packages have been patched to correct this issue by removing
setenv support.

Updated packages

MNF2.0 i586

 04b0406ea806da8e1f941910b0f19659  mnf/2.0/RPMS/openvpn-2.0.1-0.3.M20mdk.i586.rpm
 825a02efe56ddc34fcdc49784c50b1e1  mnf/2.0/SRPMS/openvpn-2.0.1-0.3.M20mdk.src.rpm

2006.0 i586

 699824d9aa9e42bf579165599268efbb  2006.0/RPMS/openvpn-2.0.1-2.2.20060mdk.i586.rpm
 38bb27a8f28546fe9cdf06213a172868  2006.0/SRPMS/openvpn-2.0.1-2.2.20060mdk.src.rpm

2006.0 x86_64

 4e8a99c3997f8ecd7e41aee1594a02dc  x86_64/2006.0/RPMS/openvpn-2.0.1-2.2.20060mdk.x86_64.rpm
 38bb27a8f28546fe9cdf06213a172868  x86_64/2006.0/SRPMS/openvpn-2.0.1-2.2.20060mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1629