Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-6860-1

Ubuntu Security Notice 6860-1 - Reynir Bjoernsson discovered that OpenVPN incorrectly handled terminating client connections. A remote authenticated client could possibly use this issue to keep the connection active, bypassing certain security policies. This issue only affected Ubuntu 23.10, and Ubuntu 24.04 LTS. Reynir Bjoernsson discovered that OpenVPN incorrectly handled certain control channel messages with nonprintable characters. A remote attacker could possibly use this issue to cause OpenVPN to consume resources, or fill up log files with garbage, leading to a denial of service.

Packet Storm
#vulnerability#ubuntu#dos#auth

==========================================================================
Ubuntu Security Notice USN-6860-1
July 02, 2024

openvpn vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 24.04 LTS
  • Ubuntu 23.10
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in OpenVPN.

Software Description:

  • openvpn: virtual private network software

Details:

Reynir Björnsson discovered that OpenVPN incorrectly handled terminating
client connections. A remote authenticated client could possibly use this
issue to keep the connection active, bypassing certain security policies.
This issue only affected Ubuntu 23.10, and Ubuntu 24.04 LTS.
(CVE-2024-28882)

Reynir Björnsson discovered that OpenVPN incorrectly handled certain
control channel messages with nonprintable characters. A remote attacker
could possibly use this issue to cause OpenVPN to consume resources, or
fill up log files with garbage, leading to a denial of service.
(CVE-2024-5594)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
openvpn 2.6.9-1ubuntu4.1

Ubuntu 23.10
openvpn 2.6.5-0ubuntu1.2

Ubuntu 22.04 LTS
openvpn 2.5.9-0ubuntu0.22.04.3

Ubuntu 20.04 LTS
openvpn 2.4.12-0ubuntu0.20.04.2

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6860-1
CVE-2024-28882, CVE-2024-5594

Package Information:
https://launchpad.net/ubuntu/+source/openvpn/2.6.9-1ubuntu4.1
https://launchpad.net/ubuntu/+source/openvpn/2.6.5-0ubuntu1.2
https://launchpad.net/ubuntu/+source/openvpn/2.5.9-0ubuntu0.22.04.3
https://launchpad.net/ubuntu/+source/openvpn/2.4.12-0ubuntu0.20.04.2

Packet Storm: Latest News

Red Hat Security Advisory 2024-8690-03