SUSE-SU-2022:14937-1

Опубликовано: 06 апр. 2022

Источник: suse-cvrf

Описание

Security update for openvpn-openssl1

This update for openvpn-openssl1 fixes the following issues:

CVE-2022-0547: Fixed possible authentication bypass in external authentication plug-in (bsc#1197341).

Список пакетов

SUSE Linux Enterprise Server 11-SECURITY

openvpn-openssl1-2.3.2-0.10.12.1

openvpn-openssl1-down-root-plugin-2.3.2-0.10.12.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-202214937-1/
Link for SUSE-SU-2022:14937-1
https://lists.suse.com/pipermail/sle-security-updates/2022-April/010663.html
E-Mail link for SUSE-SU-2022:14937-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1197341
SUSE Bug 1197341
https://www.suse.com/security/cve/CVE-2022-0547/
SUSE CVE CVE-2022-0547 page

Описание

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.

Затронутые продукты

SUSE Linux Enterprise Server 11-SECURITY:openvpn-openssl1-2.3.2-0.10.12.1

SUSE Linux Enterprise Server 11-SECURITY:openvpn-openssl1-down-root-plugin-2.3.2-0.10.12.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-0547.html
CVE-2022-0547
https://bugzilla.suse.com/1197341
SUSE Bug 1197341
https://bugzilla.suse.com/1199103
SUSE Bug 1199103

SUSE-SU-2022:14937-1

Описание

Список пакетов

SUSE Linux Enterprise Server 11-SECURITY

Ссылки

Уязвимость: CVE-2022-0547

Описание

Затронутые продукты

Ссылки