OpenVPN Flaw Opens Door to Denial-of-Service Attacks
Gnoppix Security issued an urgent advisory for OpenVPN with identifier GSA-6376-1. A critical vulnerability permits remote attackers to crash the service, leading to a denial-of-service condition.
No current workaround exists; immediate patching is vital.
Which Versions Are Affected?
- Gnoppix 23/25 (old stable) – All versions of OpenVPN before 2.6.12-1+deb12u2.
- Gnoppix 25 (stable) – All versions before 2.6.12-2.
The Vulnerability in Detail
The flaw lies in how OpenVPN handles specific network packets. An attacker can send a crafted packet, causing the VPN server to exit unexpectedly or enter an infinite loop, blocking legitimate connections.
Immediate Action Required
All administrators must update their OpenVPN packages using standard Gnoppix package managers. A system restart is not required after applying the update.
Attackers may exploit this remotely without authentication—update immediately. - Please update your systems.