aru Posted April 11, 2006 Report Share Posted April 11, 2006 Mandriva Advisories MDKSA-2006:069 : openvpn Updated openvpn packages fix vulnerability April 10th, 2006 A vulnerability in OpenVPN 2.0 through 2.0.5 allows a malicious server to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable. Updated packages have been patched to correct this issue by removing setenv support. The released versions of Mandriva GNU/Linux affected are: MNF2.0 2006.0 Full information about this advisory, including the updated packages, is available at: wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:069 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1629 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $) Link to comment Share on other sites More sharing options...
Recommended Posts