UbuntuUpdates.org

Package "openvpn"

Name: openvpn

Description:

virtual private network daemon

Latest version: 2.4.4-2ubuntu1.7
Release: bionic (18.04)
Level: security
Repository: main
Homepage: https://openvpn.net/

Links


Download "openvpn"


Other versions of "openvpn" in Bionic

Repository Area Version
base main 2.4.4-2ubuntu1
updates main 2.4.4-2ubuntu1.7

Changelog

Version: 2.4.4-2ubuntu1.7 2022-03-24 13:06:28 UTC

  openvpn (2.4.4-2ubuntu1.7) bionic-security; urgency=medium

  * SECURITY UPDATE: authentication bypass via multiple deferred
    authentication plug-ins
    - debian/patches/CVE-2022-0547.patch: disallow multiple deferred
      authentication plug-ins in doc/openvpn.8, src/openvpn/plugin.c.
    - CVE-2022-0547

 -- Marc Deslauriers <email address hidden> Tue, 22 Mar 2022 10:41:25 -0400

Source diff to previous version
CVE-2022-0547 OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of def

Version: 2.4.4-2ubuntu1.5 2021-05-04 13:06:19 UTC

  openvpn (2.4.4-2ubuntu1.5) bionic-security; urgency=medium

  * SECURITY UPDATE: data channel v2 packet injection
    - debian/patches/CVE-2020-11810.patch: fix illegal client float in
      src/openvpn/multi.c.
    - CVE-2020-11810
  * SECURITY UPDATE: Authentication bypass with deferred authentication
    - debian/patches/CVE-2020-15078.patch: ensure key state is
      authenticated before sending push reply in src/openvpn/push.c.
    - CVE-2020-15078

 -- Marc Deslauriers <email address hidden> Tue, 27 Apr 2021 10:54:29 -0400

CVE-2020-11810 An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally
CVE-2020-15078 OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with defe



About   -   Send Feedback to @ubuntu_updates