Amazon Linux 1 Security Advisory: ALAS-2016-750
Advisory Release Date: 2016-09-27 10:30 Pacific
Advisory Updated Date: 2016-09-27 10:30 Pacific
Ciphers with 64-bit block sizes used in CBC mode were found to be vulnerable to a birthday attack when key renegotiation doesn't happen frequently or at all in long running connections. The blowfish cipher as used in OpenVPN by default is vulnerable to this attack, allowing a remote attacker to recover partial plaintext information (XOR of two plaintext blocks).
Affected Packages:
openvpn
Issue Correction:
Run yum update openvpn to update your system.
i686:
openvpn-debuginfo-2.3.12-1.16.amzn1.i686
openvpn-2.3.12-1.16.amzn1.i686
src:
openvpn-2.3.12-1.16.amzn1.src
x86_64:
openvpn-2.3.12-1.16.amzn1.x86_64
openvpn-debuginfo-2.3.12-1.16.amzn1.x86_64