CVE-2014-8104

Publication date 1 December 2014

Last updated 24 July 2024

Ubuntu priority

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
openvpn	14.10 utopic	Fixed 2.3.2-9ubuntu1.1
	14.04 LTS trusty	Fixed 2.3.2-7ubuntu3.1
	12.04 LTS precise	Fixed 2.2.1-8ubuntu1.4
	10.04 LTS lucid	Ignored end of life

How can I get the fixes?
What do statuses mean?
Patch details

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
openvpn	Upstream: http://sourceforge.net/p/openvpn/openvpn/ci/1be49401a37ebc88a942eb6bee055a9587a39b3f/ Upstream: http://sourceforge.net/p/openvpn/openvpn/ci/97597e732bda083e9aefc7a9f1b05056bf6ffd55/

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-2430-1
OpenVPN vulnerability
2 December 2014

Other references

https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b
https://www.cve.org/CVERecord?id=CVE-2014-8104