Errata overview
Errata ID 340
Date 2018-04-18
Source package openvpn
Fixed in version 2.3.4-5+deb8u2
This update addresses the following issues:
* OpenVPN is vulnerable to remote denial-of-service when receiving malformed
  IPv6 packet. (CVE-2017-7508)
* OpenVPN is vulnerable to remote denial-of-service due to memory exhaustion
  caused by memory leaks and double-free issue in extract_x509_extension().
* OpenVPN is vulnerable to denial-of-service and/or possibly sensitive memory
  leak triggered by man-in-the-middle attacker. (CVE-2017-7520)
* OpenVPN is vulnerable to reachable assertion when packet-ID counter rolls
  over resulting into Denial of Service of server by authenticated attacker.
Additional notes
CVE ID CVE-2017-7508
UCS Bug number #44969