Shorewall users - Nov 2005 - Security problem in openvpn

I think you all would like to know that a bug was detected in openVPN 2.0 
- both in the client and the server side.   From the SecurityFocus 
Newsletter:

4. OpenVPN Client Remote Format String Vulnerability
BugTraq ID: 15239
Remote: Yes
Date Published: 2005-10-31
Relevant URL: http://www.securityfocus.com/bid/15239
Summary:
OpenVPN is reported prone to a remote format string vulnerability.
[...]

32. OpenVPN Server Remote Denial Of Service Vulnerability
BugTraq ID: 15270
Remote: Yes
Date Published: 2005-11-01
Relevant URL: http://www.securityfocus.com/bid/15270
Summary:
OpenVPN server is prone to a remote denial of service vulnerability. This 
is due to a design error in which the server, running in TCP mode, will be 
unable to handle exceptional conditions.

This issue affects all OpenVPN 2.0 versions [...].


The OpenVPN site has a new version 2.0.5 already fixed.

hope it helps,

--
Eduardo Ferreira

On Wednesday 09 November 2005 09:08, Eduardo Ferreira
wrote:
> I think you all would like to know that a bug was detected in openVPN 2.0
> - both in the client and the server side.   From the SecurityFocus
> Newsletter:
>
>
> The OpenVPN site has a new version 2.0.5 already fixed.
It is my understanding that this update should only be considered essential if 
you use TCP (which is not a good choice for OpenVPN use over the internet). 
The first of the problems can only occur if your server is already 
compromised through some other means.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key