
Ubuntu 24.04 LTS USN-6860-1 Critical Security Advisory: OpenVPN DoS

July 2, 2024
Ubuntu 24.04 LTS and 23.10 are affected by critical OpenVPN vulnerabilities that require immediate attention. Update promptly.

Summary

Several security issues were fixed in OpenVPN.

Software Description:

- openvpn: virtual private network software

Details:

Reynir Björnsson discovered that OpenVPN incorrectly handled terminating client connections. A remote authenticated client could possibly use this issue to keep the connection active, bypassing certain security policies. This issue only affected Ubuntu 23.10, and Ubuntu 24.04 LTS. (CVE-2024-28882)

Reynir Björnsson discovered that OpenVPN incorrectly handled certain control channel messages with nonprintable characters. A remote attacker could possibly use this issue to cause OpenVPN to consume resources, or fill up log files with garbage, leading to a denial of service. (CVE-2024-5594)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   openvpn                         2.6.9-1ubuntu4.1

Ubuntu 23.10
   openvpn                         2.6.5-0ubuntu1.2

Ubuntu 22.04 LTS
   openvpn                         2.5.9-0ubuntu0.22.04.3

Ubuntu 20.04 LTS
   openvpn                         2.4.12-0ubuntu0.20.04.2

In general, a standard system update will make all the necessary changes.
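
To confirm that a host actually carries the fixed package, the following check compares an installed openvpn version against the fixed versions listed above using `dpkg --compare-versions`. It is an added example, not part of the Ubuntu notice; the function names and the `--local` switch are illustrative.

```shell
#!/bin/sh
# Added example: verify openvpn against the fixed versions in USN-6860-1.
# Function names are illustrative, not part of any Ubuntu tool.

# Map an Ubuntu VERSION_ID to the fixed openvpn version from the advisory.
fixed_version_for() {
    case "$1" in
        24.04) echo "2.6.9-1ubuntu4.1" ;;
        23.10) echo "2.6.5-0ubuntu1.2" ;;
        22.04) echo "2.5.9-0ubuntu0.22.04.3" ;;
        20.04) echo "2.4.12-0ubuntu0.20.04.2" ;;
        *) return 1 ;;   # release not listed in the advisory
    esac
}

# Classify an installed version for a given release.
# Prints one of: patched | vulnerable | unknown-release
openvpn_usn_status() {
    release=$1
    installed=$2
    fixed=$(fixed_version_for "$release") || { echo "unknown-release"; return 0; }
    # dpkg applies Debian version ordering, so "1ubuntu4" sorts below "1ubuntu4.1".
    if dpkg --compare-versions "$installed" ge "$fixed"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# Check the machine this script runs on.
check_local_host() {
    release=$(. /etc/os-release && echo "$VERSION_ID")
    installed=$(dpkg-query -W -f='${Version}' openvpn 2>/dev/null)
    if [ -z "$installed" ]; then
        echo "not-installed"
        return 0
    fi
    echo "openvpn $installed on Ubuntu $release: $(openvpn_usn_status "$release" "$installed")"
}

# Run against the local host only when asked to: ./check-usn-6860.sh --local
if [ "${1:-}" = "--local" ]; then
    check_local_host
fi
```
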

References

https://ubuntu.com/security/notices/USN-6860-1

CVE-2024-28882, CVE-2024-5594

Severity
critical

Ubuntu Security Notice USN-6860-1
