Описание
Security update for openvpn
This update for openvpn fixes the following issues:
- CVE-2022-0547: Fixed possible authentication bypass in external authentication plug-in (bsc#1197341).
Список пакетов
SUSE Enterprise Storage 6
openvpn-2.4.3-150000.5.10.1
openvpn-auth-pam-plugin-2.4.3-150000.5.10.1
openvpn-devel-2.4.3-150000.5.10.1
SUSE Enterprise Storage 7
openvpn-2.4.3-150000.5.10.1
openvpn-auth-pam-plugin-2.4.3-150000.5.10.1
openvpn-devel-2.4.3-150000.5.10.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
openvpn-2.4.3-150000.5.10.1
openvpn-auth-pam-plugin-2.4.3-150000.5.10.1
openvpn-devel-2.4.3-150000.5.10.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
openvpn-2.4.3-150000.5.10.1
openvpn-auth-pam-plugin-2.4.3-150000.5.10.1
openvpn-devel-2.4.3-150000.5.10.1
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS
openvpn-2.4.3-150000.5.10.1
openvpn-auth-pam-plugin-2.4.3-150000.5.10.1
openvpn-devel-2.4.3-150000.5.10.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
openvpn-2.4.3-150000.5.10.1
openvpn-auth-pam-plugin-2.4.3-150000.5.10.1
openvpn-devel-2.4.3-150000.5.10.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS
openvpn-2.4.3-150000.5.10.1
openvpn-auth-pam-plugin-2.4.3-150000.5.10.1
openvpn-devel-2.4.3-150000.5.10.1
SUSE Linux Enterprise High Performance Computing 15-LTSS
openvpn-2.4.3-150000.5.10.1
openvpn-auth-pam-plugin-2.4.3-150000.5.10.1
openvpn-devel-2.4.3-150000.5.10.1
SUSE Linux Enterprise Module for Basesystem 15 SP3
openvpn-2.4.3-150000.5.10.1
openvpn-auth-pam-plugin-2.4.3-150000.5.10.1
openvpn-devel-2.4.3-150000.5.10.1
SUSE Linux Enterprise Real Time 15 SP2
openvpn-2.4.3-150000.5.10.1
openvpn-auth-pam-plugin-2.4.3-150000.5.10.1
openvpn-devel-2.4.3-150000.5.10.1
SUSE Linux Enterprise Server 15 SP1-BCL
openvpn-2.4.3-150000.5.10.1
openvpn-auth-pam-plugin-2.4.3-150000.5.10.1
openvpn-devel-2.4.3-150000.5.10.1
SUSE Linux Enterprise Server 15 SP1-LTSS
openvpn-2.4.3-150000.5.10.1
openvpn-auth-pam-plugin-2.4.3-150000.5.10.1
openvpn-devel-2.4.3-150000.5.10.1
SUSE Linux Enterprise Server 15 SP2-BCL
openvpn-2.4.3-150000.5.10.1
openvpn-auth-pam-plugin-2.4.3-150000.5.10.1
openvpn-devel-2.4.3-150000.5.10.1
SUSE Linux Enterprise Server 15 SP2-LTSS
openvpn-2.4.3-150000.5.10.1
openvpn-auth-pam-plugin-2.4.3-150000.5.10.1
openvpn-devel-2.4.3-150000.5.10.1
SUSE Linux Enterprise Server 15-LTSS
openvpn-2.4.3-150000.5.10.1
openvpn-auth-pam-plugin-2.4.3-150000.5.10.1
openvpn-devel-2.4.3-150000.5.10.1
SUSE Linux Enterprise Server for SAP Applications 15
openvpn-2.4.3-150000.5.10.1
openvpn-auth-pam-plugin-2.4.3-150000.5.10.1
openvpn-devel-2.4.3-150000.5.10.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
openvpn-2.4.3-150000.5.10.1
openvpn-auth-pam-plugin-2.4.3-150000.5.10.1
openvpn-devel-2.4.3-150000.5.10.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
openvpn-2.4.3-150000.5.10.1
openvpn-auth-pam-plugin-2.4.3-150000.5.10.1
openvpn-devel-2.4.3-150000.5.10.1
SUSE Manager Proxy 4.1
openvpn-2.4.3-150000.5.10.1
openvpn-auth-pam-plugin-2.4.3-150000.5.10.1
openvpn-devel-2.4.3-150000.5.10.1
SUSE Manager Retail Branch Server 4.1
openvpn-2.4.3-150000.5.10.1
openvpn-auth-pam-plugin-2.4.3-150000.5.10.1
openvpn-devel-2.4.3-150000.5.10.1
SUSE Manager Server 4.1
openvpn-2.4.3-150000.5.10.1
openvpn-auth-pam-plugin-2.4.3-150000.5.10.1
openvpn-devel-2.4.3-150000.5.10.1
Ссылки
- Link for SUSE-SU-2022:1029-1
- E-Mail link for SUSE-SU-2022:1029-1
- SUSE Security Ratings
- SUSE Bug 1197341
- SUSE CVE CVE-2022-0547 page
Описание
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.
Затронутые продукты
SUSE Enterprise Storage 6:openvpn-2.4.3-150000.5.10.1
SUSE Enterprise Storage 6:openvpn-auth-pam-plugin-2.4.3-150000.5.10.1
SUSE Enterprise Storage 6:openvpn-devel-2.4.3-150000.5.10.1
SUSE Enterprise Storage 7:openvpn-2.4.3-150000.5.10.1
Ссылки
- CVE-2022-0547
- SUSE Bug 1197341
- SUSE Bug 1199103