Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-6850-1

Ubuntu Security Notice 6850-1 - It was discovered that OpenVPN incorrectly handled certain configurations with multiple authentication plugins. A remote attacker could possibly use this issue to bypass authentication using incomplete credentials.

Packet Storm
#vulnerability#ubuntu#auth
==========================================================================Ubuntu Security Notice USN-6850-1June 26, 2024openvpn vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 16.04 LTS- Ubuntu 14.04 LTSSummary:OpenVPN could allow unintended access to network services.Software Description:- openvpn: virtual private network softwareDetails:It was discovered that OpenVPN incorrectly handled certain configurationswith multiple authentication plugins. A remote attacker could possibly usethis issue to bypass authentication using incomplete credentials.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 16.04 LTS   openvpn                         2.3.10-1ubuntu2.2+esm1                                   Available with Ubuntu ProUbuntu 14.04 LTS   openvpn                         2.3.2-7ubuntu3.2+esm1                                   Available with Ubuntu ProIn general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6850-1   CVE-2022-0547

Related news

Gentoo Linux Security Advisory 202409-08

Gentoo Linux Security Advisory 202409-8 - Multiple vulnerabilities have been discovered in OpenVPN, the worst of which could lead to information disclosure. Versions greater than or equal to 2.6.7 are affected.

CVE-2022-0547

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.

Packet Storm: Latest News

CUPS IPP Attributes LAN Remote Code Execution