Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 441
Alerts This Week
Warning Icon 1 441

Ubuntu 21.10, 20.04, 18.04: USN-5347-1 Moderate: OpenVPN Auth Bypass

ubuntu
Calendar Grey March 24, 2022
Dist Ubuntu Esm H88
Critical flaw found in OpenVPN on Ubuntu may permit unauthorized entry to network services, demanding immediate patching.
OpenVPN could allow unintended access to network services.

Summary

OpenVPN could allow unintended access to network services.

Software Description:

- openvpn: virtual private network software

Details:

It was discovered that OpenVPN incorrectly handled certain configurations

with multiple authentication plugins. A remote attacker could possibly use

this issue to bypass authentication using incomplete credentials.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
  openvpn                         2.5.1-3ubuntu1.1

Ubuntu 20.04 LTS:
  openvpn                         2.4.7-1ubuntu2.20.04.4

Ubuntu 18.04 LTS:
  openvpn                         2.4.4-2ubuntu1.7

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5347-1

CVE-2022-0547

March 24, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.