openSUSE-SU-2022:1029-1

Опубликовано: 29 мар. 2022

Источник: suse-cvrf

Описание

Security update for openvpn

This update for openvpn fixes the following issues:

CVE-2022-0547: Fixed possible authentication bypass in external authentication plug-in (bsc#1197341).

Список пакетов

openSUSE Leap 15.3

openvpn-2.4.3-150000.5.10.1

openvpn-auth-pam-plugin-2.4.3-150000.5.10.1

openvpn-devel-2.4.3-150000.5.10.1

openvpn-down-root-plugin-2.4.3-150000.5.10.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2QBY77RLVCXQT27JK26OJ53P6OZQP34S/
E-Mail link for openSUSE-SU-2022:1029-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1197341
SUSE Bug 1197341
https://www.suse.com/security/cve/CVE-2022-0547/
SUSE CVE CVE-2022-0547 page

Описание

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.

Затронутые продукты

openSUSE Leap 15.3:openvpn-2.4.3-150000.5.10.1

openSUSE Leap 15.3:openvpn-auth-pam-plugin-2.4.3-150000.5.10.1

openSUSE Leap 15.3:openvpn-devel-2.4.3-150000.5.10.1

openSUSE Leap 15.3:openvpn-down-root-plugin-2.4.3-150000.5.10.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-0547.html
CVE-2022-0547
https://bugzilla.suse.com/1197341
SUSE Bug 1197341
https://bugzilla.suse.com/1199103
SUSE Bug 1199103

openSUSE-SU-2022:1029-1

Описание

Список пакетов

openSUSE Leap 15.3

Ссылки

Уязвимость: CVE-2022-0547

Описание

Затронутые продукты

Ссылки