Описание
Security update for openvpn
This update for openvpn fixes the following issues:
- CVE-2022-0547: Fixed possible authentication bypass in external authentication plug-in (bsc#1197341).
Список пакетов
HPE Helion OpenStack 8
openvpn-2.3.8-16.29.1
openvpn-auth-pam-plugin-2.3.8-16.29.1
SUSE Linux Enterprise Server 12 SP2-BCL
openvpn-2.3.8-16.29.1
openvpn-auth-pam-plugin-2.3.8-16.29.1
SUSE Linux Enterprise Server 12 SP3-BCL
openvpn-2.3.8-16.29.1
openvpn-auth-pam-plugin-2.3.8-16.29.1
SUSE Linux Enterprise Server 12 SP3-LTSS
openvpn-2.3.8-16.29.1
openvpn-auth-pam-plugin-2.3.8-16.29.1
SUSE Linux Enterprise Server 12 SP4-LTSS
openvpn-2.3.8-16.29.1
openvpn-auth-pam-plugin-2.3.8-16.29.1
SUSE Linux Enterprise Server 12 SP5
openvpn-2.3.8-16.29.1
openvpn-auth-pam-plugin-2.3.8-16.29.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
openvpn-2.3.8-16.29.1
openvpn-auth-pam-plugin-2.3.8-16.29.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
openvpn-2.3.8-16.29.1
openvpn-auth-pam-plugin-2.3.8-16.29.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
openvpn-2.3.8-16.29.1
openvpn-auth-pam-plugin-2.3.8-16.29.1
SUSE OpenStack Cloud 8
openvpn-2.3.8-16.29.1
openvpn-auth-pam-plugin-2.3.8-16.29.1
SUSE OpenStack Cloud 9
openvpn-2.3.8-16.29.1
openvpn-auth-pam-plugin-2.3.8-16.29.1
SUSE OpenStack Cloud Crowbar 8
openvpn-2.3.8-16.29.1
openvpn-auth-pam-plugin-2.3.8-16.29.1
SUSE OpenStack Cloud Crowbar 9
openvpn-2.3.8-16.29.1
openvpn-auth-pam-plugin-2.3.8-16.29.1
Ссылки
- Link for SUSE-SU-2022:1024-1
- E-Mail link for SUSE-SU-2022:1024-1
- SUSE Security Ratings
- SUSE Bug 1197341
- SUSE CVE CVE-2022-0547 page
Описание
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.
Затронутые продукты
HPE Helion OpenStack 8:openvpn-2.3.8-16.29.1
HPE Helion OpenStack 8:openvpn-auth-pam-plugin-2.3.8-16.29.1
SUSE Linux Enterprise Server 12 SP2-BCL:openvpn-2.3.8-16.29.1
SUSE Linux Enterprise Server 12 SP2-BCL:openvpn-auth-pam-plugin-2.3.8-16.29.1
Ссылки
- CVE-2022-0547
- SUSE Bug 1197341
- SUSE Bug 1199103