==========================================================================
Ubuntu Security Notice USN-3339-2
August 07, 2017

openvpn vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in OpenVPN.

Software Description:
– openvpn: virtual private network software

Details:

USN-3339-1 fixed several issues in OpenVPN. This update
provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

 Guido Vranken discovered that OpenVPN incorrectly handled an HTTP
 proxy with NTLM authentication. A remote attacker could use this issue
 to cause OpenVPN clients to crash, resulting in a denial of service,
 or possibly expose sensitive memory contents. (CVE-2017-7520)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  openvpn                         2.2.1-8ubuntu1.5

In general, a standard system update will make all the necessary
changes.

References:
  https://www.ubuntu.com/usn/usn-3339-2
  https://www.ubuntu.com/usn/usn-3339-1
  CVE-2017-7520
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJZiHveAAoJEEW851uECx9p0soP/itVpp6owrMpQUutgVZqN77f
PPrEPTrsrhkZsDZaDNW2QJxgQEOPPGjRUlS8u7xWUL2F3w+CjFotsjT7SEoKBcDL
Ap6oxploUw2yR1D+hcHv9O1oRmsXefkPmm8etRD/wCkoRsVBh/bOW1dJ0c00HlRN
C0bNDwLSNw4Mx7L/7f5cwelIbNBTaGETXbgF+nYd2Z3fG/ua/SwNxi1Se++GJPyT
GPWIl3jzddvgewreMWiILDB4PNlKL+VvMtKveFGss4Vi7k8OfLw5CmtmhGP/+a/j
APPj5qVBXcoy5BrtqQSiuEwViBNtdJIp0E1/xTxMBqm4+PhiE1pHEI0QSkX/yLfj
zDs/qjGtaa5kKKhlxgEWwyFAA3MdzSDLPxw4/jNK0P82LBnSWZvtN1QFZCMZzsqd
k2plCZPmIGbu++a1rdlc9xHhwu6KHVsNQhchOyrNAy1PGsVxSGdqwCvsMeLLLH56
lkBDn0nfyCtZl2QgBmOllmvPi8FyuSJ3PoN/eWIzOdj/Xujjn1qyZAqe7KWpK03m
dmXenNAbw5DDFxkjIbicTmV+pEI8K9WuijzZ2V84F0TgcPObMAjKvxhDebAI4Z55
cgxx1H7497Qlzx5IVOCmWcrC8zuefdo8viKckHdrmaiT0Smxi04COx9/PojcBHMA
gsUkTxoaz919pyqiIwBR
=19hv
—–END PGP SIGNATURE—–
—