Mandrake Linux Security Advisory : openvpn (MDKSA-2005:206-1)
High Nessus Plugin ID 20440
SynopsisThe remote Mandrake Linux host is missing a security update.
DescriptionTwo Denial of Service vulnerabilities exist in OpenVPN. The first allows a malicious or compromised server to execute arbitrary code on the client (CVE-2005-3393). The second DoS can occur if when in TCP server mode, OpenVPN received an error on accept(2) and the resulting exception handler causes a segfault (CVE-2005-3409).
The updated packages have been patched to correct these problems.
Packages are now available for Mandriva Linux 2006.
SolutionUpdate the affected openvpn package.