Debian Security Advisory DSA 1045-1 (openvpn)

Summary
The remote host is missing an update to openvpn announced via advisory DSA 1045-1. Hendrik Weimer discovered that OpenVPN, the Virtual Private Network daemon, allows to push environment variables to a client allowing a malicious VPN server to take over connected clients. the old stable distribution (woody) does not contain openvpn packages.
Solution
For the stable distribution (sarge) this problem has been fixed in version 2.0-1sarge3. For the unstable distribution (sid) this problem has been fixed in version 2.0.6-1. We recommend that you upgrade your openvpn package. https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201045-1