Amazon Linux: Security Advisory (ALAS-2013-201)
Information
Severity
Low
Family
Amazon Linux Local Security Checks
CVSSv2 Base
2.6
CVSSv2 Vector
AV:N/AC:H/Au:N/C:P/I:N/A:N
Solution Type
Vendor Patch
Created
6 years ago
Modified
5 months ago
Summary
The remote host is missing an update announced via the referenced Security Advisory.
Insight
The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher.
Solution
Run yum update openvpn to update your system.
Common Vulnerabilities and Exposures (CVE)