Описание
Security update for openvpn
This update for openvpn fixes the following issues:
-
CVE-2022-0547: Fixed possible authentication bypass in external authentication plug-in (bsc#1197341).
-
By default the --suppress-timestamps flag is not needed (bsc#1123557).
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15 SP4
openvpn-2.5.6-150400.3.3.1
openvpn-auth-pam-plugin-2.5.6-150400.3.3.1
openvpn-devel-2.5.6-150400.3.3.1
openSUSE Leap 15.4
openvpn-2.5.6-150400.3.3.1
openvpn-auth-pam-plugin-2.5.6-150400.3.3.1
openvpn-devel-2.5.6-150400.3.3.1
openvpn-down-root-plugin-2.5.6-150400.3.3.1
Ссылки
- Link for SUSE-SU-2022:1934-1
- E-Mail link for SUSE-SU-2022:1934-1
- SUSE Security Ratings
- SUSE Bug 1123557
- SUSE Bug 1197341
- SUSE CVE CVE-2022-0547 page
Описание
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP4:openvpn-2.5.6-150400.3.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP4:openvpn-auth-pam-plugin-2.5.6-150400.3.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP4:openvpn-devel-2.5.6-150400.3.3.1
openSUSE Leap 15.4:openvpn-2.5.6-150400.3.3.1
Ссылки
- CVE-2022-0547
- SUSE Bug 1197341
- SUSE Bug 1199103