VikingVPN is Patching OpenVPN for a Denial of Service Attack Vulnerability

We are in the process of patching our servers for the recently discovered DOS vulnerability. Upgrading our servers to a new version of OpenVPN will require us to issue a rolling restart to all server clusters. This may cause clients to stop responding to network requests in the process. Downtime is expected to be approximately two seconds. Disconnecting and reconnecting to the service should instantly fix any issues.

The vulnerability is performance related only, and there is no risk to client information leaking as a result of the discovered bug.

A new version of OpenVPN is available fixing the issue (OpenVPN 2.3.6). This issue is mostly server-side so an upgrade from 2.3.5 is not going to be required to connect to our network.

You can read more about the vulnerability here: https://access.redhat.com/security/cve/CVE-2014-8104

< last
next >