ALAS-2020-1410


Amazon Linux AMI Security Advisory: ALAS-2020-1410
Advisory Release Date: 2020-07-29 21:32 Pacific
Severity: Medium
References: CVE-2020-11810 

Issue Overview:

This security issue is quite hard to abuse, requiring a fairly precise timing attack combined with guessing a just assigned peer-id reference. If successful, only a single client just initiating a new connection will experience a denial of service situation.(CVE-2020-11810 )


Affected Packages:

openvpn


Issue Correction:
Run yum update openvpn to update your system.

New Packages:
i686:
    openvpn-devel-2.4.9-1.23.amzn1.i686
    openvpn-debuginfo-2.4.9-1.23.amzn1.i686
    openvpn-2.4.9-1.23.amzn1.i686

src:
    openvpn-2.4.9-1.23.amzn1.src

x86_64:
    openvpn-debuginfo-2.4.9-1.23.amzn1.x86_64
    openvpn-devel-2.4.9-1.23.amzn1.x86_64
    openvpn-2.4.9-1.23.amzn1.x86_64