Hendrik Weimer discovered that OpenVPN, the Virtual Private Network daemon, allows to push environment variables to a client allowing a malicious VPN server to take over connected clients. The old stable distribution (woody) does not contain openvpn packages. For the stable distribution (sarge) this problem has been fixed in version 2.0-1sarge3. For the unstable distribution (sid) this problem has been fixed in version 2.0.6-1. We recommend that you upgrade your openvpn package.
Hendrik Weimer discovered that OpenVPN, the Virtual Private Network daemon, allows to push environment variables to a client allowing a malicious VPN server to take over connected clients.
The old stable distribution (woody) does not contain openvpn packages.
For the stable distribution (sarge) this problem has been fixed in version 2.0-1sarge3.
For the unstable distribution (sid) this problem has been fixed in version 2.0.6-1.
We recommend that you upgrade your openvpn package.
MD5 checksums of the listed files are available in the original advisory.