Описание
Security update for openvpn
This update for openvpn fixes the following issues:
- CVE-2024-5594: Fixed wrong handling of null bytes and invalid characters in control messages (bsc#1235147)
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15 SP6
openvpn-2.6.8-150600.3.14.1
openvpn-auth-pam-plugin-2.6.8-150600.3.14.1
openvpn-dco-2.6.8-150600.3.14.1
openvpn-dco-devel-2.6.8-150600.3.14.1
openvpn-devel-2.6.8-150600.3.14.1
openSUSE Leap 15.6
openvpn-2.6.8-150600.3.14.1
openvpn-auth-pam-plugin-2.6.8-150600.3.14.1
openvpn-dco-2.6.8-150600.3.14.1
openvpn-dco-devel-2.6.8-150600.3.14.1
openvpn-devel-2.6.8-150600.3.14.1
openvpn-down-root-plugin-2.6.8-150600.3.14.1
Ссылки
- Link for SUSE-SU-2025:0278-1
- E-Mail link for SUSE-SU-2025:0278-1
- SUSE Security Ratings
- SUSE Bug 1235147
- SUSE CVE CVE-2024-5594 page
Описание
OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which attackers can use to inject unexpected arbitrary data into third-party executables or plug-ins.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP6:openvpn-2.6.8-150600.3.14.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:openvpn-auth-pam-plugin-2.6.8-150600.3.14.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:openvpn-dco-2.6.8-150600.3.14.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:openvpn-dco-devel-2.6.8-150600.3.14.1
Ссылки
- CVE-2024-5594
- SUSE Bug 1235147