Package name
openvpn
Date
2005-12-09
Advisory ID
MDKSA-2005:206-1
Affected versions
2006.0 i586 , 2006.0 x86_64

Problem description

Two Denial of Service vulnerabilities exist in OpenVPN. The first
allows a malicious or compromised server to execute arbitrary code
on the client (CVE-2005-3393). The second DoS can occur if when in
TCP server mode, OpenVPN received an error on accept(2) and the
resulting exception handler causes a segfault (CVE-2005-3409).

The updated packages have been patched to correct these problems.

Update:

Packages are now available for Mandriva Linux 2006.

Updated packages

2006.0 i586

 7804df61685a36064119b813dca83172  2006.0/RPMS/openvpn-2.0.1-2.1.20060mdk.i586.rpm
 2feb66835d37f31735746824027a2ef8  2006.0/SRPMS/openvpn-2.0.1-2.1.20060mdk.src.rpm

2006.0 x86_64

 9d8cd19c6723507a275649c5d070970d  x86_64/2006.0/RPMS/openvpn-2.0.1-2.1.20060mdk.x86_64.rpm
 2feb66835d37f31735746824027a2ef8  x86_64/2006.0/SRPMS/openvpn-2.0.1-2.1.20060mdk.src.rpm

References