==========================================================================
Ubuntu Security Notice USN-6860-1
July 02, 2024

openvpn vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in OpenVPN.

Software Description:
- openvpn: virtual private network software

Details:

Reynir Björnsson discovered that OpenVPN incorrectly handled terminating
client connections. A remote authenticated client could possibly use this
issue to keep the connection active, bypassing certain security policies.
This issue only affected Ubuntu 23.10, and Ubuntu 24.04 LTS.
(CVE-2024-28882)

Reynir Björnsson discovered that OpenVPN incorrectly handled certain
control channel messages with nonprintable characters. A remote attacker
could possibly use this issue to cause OpenVPN to consume resources, or
fill up log files with garbage, leading to a denial of service.
(CVE-2024-5594)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   openvpn                         2.6.9-1ubuntu4.1

Ubuntu 23.10
   openvpn                         2.6.5-0ubuntu1.2

Ubuntu 22.04 LTS
   openvpn                         2.5.9-0ubuntu0.22.04.3

Ubuntu 20.04 LTS
   openvpn                         2.4.12-0ubuntu0.20.04.2

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6860-1
   CVE-2024-28882, CVE-2024-5594

Package Information:
   https://launchpad.net/ubuntu/+source/openvpn/2.6.9-1ubuntu4.1
   https://launchpad.net/ubuntu/+source/openvpn/2.6.5-0ubuntu1.2
   https://launchpad.net/ubuntu/+source/openvpn/2.5.9-0ubuntu0.22.04.3
   https://launchpad.net/ubuntu/+source/openvpn/2.4.12-0ubuntu0.20.04.2

Ubuntu 6860-1: OpenVPN Security Advisory Updates

July 2, 2024
Several security issues were fixed in OpenVPN.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 23.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Several security issues were fixed in OpenVPN. Software Description: - openvpn: virtual private network software Details: Reynir Björnsson discovered that OpenVPN incorrectly handled terminating client connections. A remote authenticated client could possibly use this issue to keep the connection active, bypassing certain security policies. This issue only affected Ubuntu 23.10, and Ubuntu 24.04 LTS. (CVE-2024-28882) Reynir Björnsson discovered that OpenVPN incorrectly handled certain control channel messages with nonprintable characters. A remote attacker could possibly use this issue to cause OpenVPN to consume resources, or fill up log files with garbage, leading to a denial of service. (CVE-2024-5594)

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS openvpn 2.6.9-1ubuntu4.1 Ubuntu 23.10 openvpn 2.6.5-0ubuntu1.2 Ubuntu 22.04 LTS openvpn 2.5.9-0ubuntu0.22.04.3 Ubuntu 20.04 LTS openvpn 2.4.12-0ubuntu0.20.04.2 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6860-1

CVE-2024-28882, CVE-2024-5594

Severity
Ubuntu Security Notice USN-6860-1

Package Information

https://launchpad.net/ubuntu/+source/openvpn/2.6.9-1ubuntu4.1 https://launchpad.net/ubuntu/+source/openvpn/2.6.5-0ubuntu1.2 https://launchpad.net/ubuntu/+source/openvpn/2.5.9-0ubuntu0.22.04.3 https://launchpad.net/ubuntu/+source/openvpn/2.4.12-0ubuntu0.20.04.2

Related News

31.Lock DigitalRoom Esm H170
2 - 4 min read
An aggressive cyber threat targeting HTTP File Server (HFS) users has emerged recently. A Remote Code Execution (RCE) vulnerability known as
34.Key AbstractDigital Esm H170
2 - 4 min read
Security threats continue developing rapidly, with attackers finding new vulnerabilities daily. Recent findings from researchers at Uptycs indicate
32.Lock Code Circular Esm H170
2 - 4 min read
The Cybersecurity and Infrastructure Security Agency (CISA) recently added a new Linux kernel privilege escalation bug ( CVE-2024-1086 ) to its
1.Penguin Landscape Esm H170
2 - 3 min read
On Independence Day, there is a deep recognition of digital autonomy amidst the colorful fireworks displays and patriotic revelry. At LinuxSecurity,
20.Lock AbstractDigital Circular Esm H170
2 - 3 min read
Google has released fixes for a high-severity Chromium security flaw ( CVE-2024-5274 ) impacting its widely used Chrome browser and other
11.Locks IsometricPattern Esm H170
2 - 4 min read
Linux Mint is a user-friendly GNU/Linux desktop distribution built upon Ubuntu and Debian for maximum reliability while offering an aesthetically
32.Lock Code Circular Esm H170
2 - 4 min read
In an era where cybersecurity threats loom larger than ever, the discovery of a Remote Code Execution (RCE) vulnerability in OpenSSH by Qualys’
27.Tablet Connections Blocks Lock Esm H170
2 - 4 min read
Debian recently unveiled a significant update to its stable distribution, Debian 12.6 (codename "bookworm"). While not an entirely new release, this

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved