Amazon Linux 1 Security Advisory: ALAS-2020-1410
Advisory Release Date: 2020-07-28 03:26 Pacific
Advisory Updated Date: 2020-07-29 21:32 Pacific
This security issue is quite hard to abuse, requiring a fairly precise timing attack combined with guessing a just assigned peer-id reference. If successful, only a single client just initiating a new connection will experience a denial of service situation.(CVE-2020-11810)
Affected Packages:
openvpn
Issue Correction:
Run yum update openvpn to update your system.
i686:
openvpn-devel-2.4.9-1.23.amzn1.i686
openvpn-debuginfo-2.4.9-1.23.amzn1.i686
openvpn-2.4.9-1.23.amzn1.i686
src:
openvpn-2.4.9-1.23.amzn1.src
x86_64:
openvpn-debuginfo-2.4.9-1.23.amzn1.x86_64
openvpn-devel-2.4.9-1.23.amzn1.x86_64
openvpn-2.4.9-1.23.amzn1.x86_64