==========================================================================
Ubuntu Security Notice USN-2368-1
October 02, 2014

openvpn vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 LTS

Summary:

OpenVPN could be made to expose sensitive information over the network.

Software Description:
– openvpn: virtual private network software

Details:

It was discovered that OpenVPN incorrectly handled HMAC comparisons when
running in UDP mode. If a remote attacker were able to perform a
man-in-the-middle attack, this flaw could possibly be used to perform a
plaintext recovery attack.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
openvpn 2.2.1-8ubuntu1.3

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2368-1
CVE-2013-2061

Package Information:
https://launchpad.net/ubuntu/+source/openvpn/2.2.1-8ubuntu1.3

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJULY6EAAoJEGVp2FWnRL6T+YUP/iefKnNZolFG/vKGm3qqc2FD
UuEQtfo3VEvYBlqxyIp0sKRsH3sh9r268CKP88af790PiqHBNP2cgLz2Zfa0mkyh
m0xtyxxD7EyRQMdZg6X5wHbL7Qf0Gis7NJfaVQJfMnC5EcZzDv3gvZDtdlUcREIO
brPSvAYwn26Fb+ACvyyxQS80VGr8I0vQFBWQjGehZoXzaoGuuKvyRMRgjHhnfUSY
p/l2R5llBYdaxIQmGttz8s5/K5jpSxxUNwV0WEFd1lN+pxRtg0okNtKKsnlXnAUh
MgNpCskZVqWU9AtPZbJnFSfUFjv1jfKMxYiJVHnYUEegAQPLEFtZt6p92E/sYnPJ
Sa7P7Gxc5GZF1hqmVPLtJShuKu5f8aVHyw31o+98WB+oryhJMcK0GypTvHKntCXZ
wkByMXYACwt29z6j4xOg0gRYyxIgV7Eju2Pn5TSvGXObBV+3jGnNlWatC7jtN0e6
ciMQ/pwpPN7FJUSKZX5z8kHYQrqomCAcv4GM3awpQEdGseqqIlDDuXI3H501cXzi
2KAlL5D4JV6Rb3tLNdb9fLn6wWqS2erAoLf1DoAggVwPMKsjbFe0e37IAS6Yhl2z
TauTQYwUqsr1tZ51w0/oX6ldbtaetnNbGiRkNpcFoFoMI4t74hn5CkQWx9gJa2UO
u3s9gqNdRCUijG0LGMd8
=jJqC
—–END PGP SIGNATURE—–
—