ALAS-2020-1410

Amazon Linux 1 (EOL) Security Advisory: ALAS-2020-1410
Advisory Released Date: 2020-07-29
Advisory Updated Date: 2020-07-29
Severity: Medium
Issue Overview:

This security issue is quite hard to abuse, requiring a fairly precise timing attack combined with guessing a just assigned peer-id reference. If successful, only a single client just initiating a new connection will experience a denial of service situation.(CVE-2020-11810)


Affected Packages:

openvpn


Issue Correction:
Run yum update openvpn to update your system.

New Packages:
i686:
    openvpn-devel-2.4.9-1.23.amzn1.i686
    openvpn-debuginfo-2.4.9-1.23.amzn1.i686
    openvpn-2.4.9-1.23.amzn1.i686

src:
    openvpn-2.4.9-1.23.amzn1.src

x86_64:
    openvpn-debuginfo-2.4.9-1.23.amzn1.x86_64
    openvpn-devel-2.4.9-1.23.amzn1.x86_64
    openvpn-2.4.9-1.23.amzn1.x86_64

Additional References

Red Hat: CVE-2020-11810

Mitre: CVE-2020-11810