Amazon Linux 1 Security Advisory: ALAS-2017-920
Advisory Release Date: 2017-11-02 20:19 Pacific
Advisory Updated Date: 2017-11-03 05:54 Pacific
OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution. (CVE-2017-12166)
Affected Packages:
openvpn
Issue Correction:
Run yum update openvpn to update your system.
i686:
openvpn-debuginfo-2.4.4-1.21.amzn1.i686
openvpn-2.4.4-1.21.amzn1.i686
openvpn-devel-2.4.4-1.21.amzn1.i686
src:
openvpn-2.4.4-1.21.amzn1.src
x86_64:
openvpn-debuginfo-2.4.4-1.21.amzn1.x86_64
openvpn-devel-2.4.4-1.21.amzn1.x86_64
openvpn-2.4.4-1.21.amzn1.x86_64