Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2025:1131-1

Опубликовано: 03 апр. 2025
Источник: suse-cvrf

Описание

Security update for openvpn

This update for openvpn fixes the following issues:

  • CVE-2024-5594: Fixed incorrect handling of null bytes and invalid characters in control messages (bsc#1235147)

Список пакетов

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
openvpn-2.5.6-150400.3.9.1
openvpn-auth-pam-plugin-2.5.6-150400.3.9.1
openvpn-devel-2.5.6-150400.3.9.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
openvpn-2.5.6-150400.3.9.1
openvpn-auth-pam-plugin-2.5.6-150400.3.9.1
openvpn-devel-2.5.6-150400.3.9.1
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
openvpn-2.5.6-150400.3.9.1
openvpn-auth-pam-plugin-2.5.6-150400.3.9.1
openvpn-devel-2.5.6-150400.3.9.1
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
openvpn-2.5.6-150400.3.9.1
openvpn-auth-pam-plugin-2.5.6-150400.3.9.1
openvpn-devel-2.5.6-150400.3.9.1
SUSE Linux Enterprise Server 15 SP4-LTSS
openvpn-2.5.6-150400.3.9.1
openvpn-auth-pam-plugin-2.5.6-150400.3.9.1
openvpn-devel-2.5.6-150400.3.9.1
SUSE Linux Enterprise Server 15 SP5-LTSS
openvpn-2.5.6-150400.3.9.1
openvpn-auth-pam-plugin-2.5.6-150400.3.9.1
openvpn-devel-2.5.6-150400.3.9.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
openvpn-2.5.6-150400.3.9.1
openvpn-auth-pam-plugin-2.5.6-150400.3.9.1
openvpn-devel-2.5.6-150400.3.9.1
SUSE Linux Enterprise Server for SAP Applications 15 SP5
openvpn-2.5.6-150400.3.9.1
openvpn-auth-pam-plugin-2.5.6-150400.3.9.1
openvpn-devel-2.5.6-150400.3.9.1
SUSE Manager Proxy 4.3
openvpn-2.5.6-150400.3.9.1
openvpn-auth-pam-plugin-2.5.6-150400.3.9.1
openvpn-devel-2.5.6-150400.3.9.1
SUSE Manager Server 4.3
openvpn-2.5.6-150400.3.9.1
openvpn-auth-pam-plugin-2.5.6-150400.3.9.1
openvpn-devel-2.5.6-150400.3.9.1

Ссылки

Описание

OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs.

Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openvpn-2.5.6-150400.3.9.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openvpn-auth-pam-plugin-2.5.6-150400.3.9.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:openvpn-devel-2.5.6-150400.3.9.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:openvpn-2.5.6-150400.3.9.1
Ссылки
Уязвимость SUSE-SU-2025:1131-1 - exploitDog