Headline
Ubuntu Security Notice USN-6850-1
Ubuntu Security Notice 6850-1 - It was discovered that OpenVPN incorrectly handled certain configurations with multiple authentication plugins. A remote attacker could possibly use this issue to bypass authentication using incomplete credentials.
==========================================================================Ubuntu Security Notice USN-6850-1June 26, 2024openvpn vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 16.04 LTS- Ubuntu 14.04 LTSSummary:OpenVPN could allow unintended access to network services.Software Description:- openvpn: virtual private network softwareDetails:It was discovered that OpenVPN incorrectly handled certain configurationswith multiple authentication plugins. A remote attacker could possibly usethis issue to bypass authentication using incomplete credentials.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 16.04 LTS openvpn 2.3.10-1ubuntu2.2+esm1 Available with Ubuntu ProUbuntu 14.04 LTS openvpn 2.3.2-7ubuntu3.2+esm1 Available with Ubuntu ProIn general, a standard system update will make all the necessary changes.References: https://ubuntu.com/security/notices/USN-6850-1 CVE-2022-0547Related news
Gentoo Linux Security Advisory 202409-08
Gentoo Linux Security Advisory 202409-8 - Multiple vulnerabilities have been discovered in OpenVPN, the worst of which could lead to information disclosure. Versions greater than or equal to 2.6.7 are affected.
CVE-2022-0547
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.