Fedora 34: openvpn 2021-b805c26afa | LinuxSecurity.com

Advisories

What Are You Looking For?

Popular Tags

Contribute

Advisories This Week: 212

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-b805c26afa
2021-04-26 00:26:25.299577
--------------------------------------------------------------------------------

Name        : openvpn
Product     : Fedora 34
Version     : 2.5.2
Release     : 1.fc34
URL         : https://community.openvpn.net/
Summary     : A full-featured TLS VPN solution
Description :
OpenVPN is a robust and highly flexible tunneling application that uses all
of the encryption, authentication, and certification features of the
OpenSSL library to securely tunnel IP networks over a single UDP or TCP
port.  It can use the Marcus Franz Xaver Johannes Oberhumers LZO library
for compression.

--------------------------------------------------------------------------------
Update Information:

Security update - OpenVPN 2.5.1 and earlier versions allows a remote attackers
to bypass authentication and access control channel data on servers configured
with deferred authentication, which can be used to potentially trigger further
information leaks. (CVE-2020-15078)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 21 2021 David Sommerseth  - 2.5.2-1
- Update to upstream OpenVPN 2.5.2
- Fixes CVE-2020-15078
- Replaces --ncp-ciphers with --data-ciphers in the server systemd service unit
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1952935 - CVE-2020-15078 openvpn: Authentication bypass with deferred authentication [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1952935
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-b805c26afa' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Fedora 34: openvpn 2021-b805c26afa

April 25, 2021
Security update - OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authenti...

Summary

OpenVPN is a robust and highly flexible tunneling application that uses all

of the encryption, authentication, and certification features of the

OpenSSL library to securely tunnel IP networks over a single UDP or TCP

port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library

for compression.

Update Information:

Security update - OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. (CVE-2020-15078)

Change Log

* Wed Apr 21 2021 David Sommerseth - 2.5.2-1 - Update to upstream OpenVPN 2.5.2 - Fixes CVE-2020-15078 - Replaces --ncp-ciphers with --data-ciphers in the server systemd service unit

References

[ 1 ] Bug #1952935 - CVE-2020-15078 openvpn: Authentication bypass with deferred authentication [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1952935

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-b805c26afa' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
Name : openvpn
Product : Fedora 34
Version : 2.5.2
Release : 1.fc34
URL : https://community.openvpn.net/
Summary : A full-featured TLS VPN solution

News

Advisories

HOWTOs

Features

Open Source OSINT Tools and Techniques
The Story Behind the Linux Security Quick Reference Guide
Benefits & Drawbacks of Using a VPN on Linux
How a WAF Could Improve the Security of Your Linux Web Applications
Installing SurfShark VPN On Kali Linux: The Authoritative Guide

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy