stable

openvpn-2.5.2-1.fc34

FEDORA-2021-b805c26afa created by dsommers 3 years ago for Fedora 34

Security update - OpenVPN 2.5.1 and earlier versions allow remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can potentially be used to trigger further information leaks. (CVE-2020-15078)

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2021-b805c26afa

This update has been submitted for testing by dsommers.

3 years ago

This update's test gating status has been changed to 'ignored'.

3 years ago

This update's test gating status has been changed to 'waiting'.

3 years ago

This update's test gating status has been changed to 'ignored'.

3 years ago

This update has been pushed to testing.

3 years ago

dsommers edited this update.

3 years ago
fkooman commented & provided feedback 3 years ago
Glob pattern passed, but globs are not supported for this.
Invalid unit name "openvpn-client@*.service" escaped as "openvpn-client@\x2a.service".
Glob pattern passed, but globs are not supported for this.
Invalid unit name "openvpn-server@*.service" escaped as "openvpn-server@\x2a.service".

It doesn't restart the OpenVPN (server) processes for me. But maybe I screwed up the systemd configuration?

$ systemctl | grep openvpn
  openvpn-server@default-0.service                                                         loaded active running   OpenVPN service for default/0
  openvpn-server@default-1.service                                                         loaded active running   OpenVPN service for default/1
  system-openvpn\x2dserver.slice                                                           loaded active active    system-openvpn\x2dserver.slice

All fine after (me) restarting the OpenVPN server processes though!
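A check for the situation in the comment above, where the package is updated but the running daemons are not restarted (an added example, not part of the original page or of the Fedora package). It relies on Linux marking the `/proc/<pid>/exe` target of a replaced binary with ` (deleted)`. The function names and sample records are constructed, and the `/usr/sbin/openvpn` path and `openvpn` process name are assumptions:

```shell
#!/bin/sh
# Added example: list OpenVPN units still executing a binary replaced on disk.

# True when a /proc/<pid>/exe target carries the kernel's " (deleted)" suffix.
exe_is_stale() {
    case "$1" in
        *" (deleted)") return 0 ;;
        *) return 1 ;;
    esac
}

# Pull the unit name out of one /proc/<pid>/cgroup line.
unit_from_cgroup() {
    printf '%s\n' "$1" | sed -n 's|.*/\([^/]*\.service\)$|\1|p'
}

# stdin: "pid<TAB>exe target<TAB>cgroup line"; stdout: what still needs a restart.
stale_units() {
    while IFS="$(printf '\t')" read -r pid exe cgroup; do
        exe_is_stale "$exe" || continue
        unit=$(unit_from_cgroup "$cgroup")
        printf '%s\n' "${unit:-pid $pid (no unit)}"
    done
}

# Live collection (run as root to read other users' /proc/<pid>/exe links).
collect_records() {
    for pid in $(pgrep -x openvpn); do
        exe=$(readlink "/proc/$pid/exe") || continue
        cgroup=$(grep -m 1 '\.service$' "/proc/$pid/cgroup")
        printf '%s\t%s\t%s\n' "$pid" "$exe" "$cgroup"
    done
}

# Constructed sample: default-0 predates the update, default-1 was restarted.
sample_records() {
    slice='0::/system.slice/system-openvpn\x2dserver.slice'
    printf '%s\t%s\t%s\n' \
        101 '/usr/sbin/openvpn (deleted)' "$slice/openvpn-server@default-0.service" \
        202 '/usr/sbin/openvpn' "$slice/openvpn-server@default-1.service" \
        303 '/usr/sbin/openvpn (deleted)' '0::/user.slice/user-1000.slice/session-3.scope'
}

if [ "${1:-}" = "--live" ]; then
    collect_records | stale_units
fi
```

Run it with `--live` on the updated host; every unit it prints is still running the pre-update binary and needs a `systemctl restart` before the fix takes effect.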

xvitaly provided feedback 3 years ago
karma
BZ#1952935 CVE-2020-15078 openvpn: Authentication bypass with deferred authentication [fedora-all]
copperi commented & provided feedback 3 years ago
karma

Glob pattern passed, but globs are not supported for this.
Invalid unit name "openvpn-client@*.service" escaped as "openvpn-client@\x2a.service".
Glob pattern passed, but globs are not supported for this.
Invalid unit name "openvpn-server@*.service" escaped as "openvpn-server@\x2a.service".

Manual update message: /usr/lib/tmpfiles.d/elasticsearch.conf:1: Line references path below legacy directory /var/run/, updating /var/run/elasticsearch → /run/elasticsearch; please update the tmpfiles.d/ drop-in file accordingly.

Works

BZ#1952935 CVE-2020-15078 openvpn: Authentication bypass with deferred authentication [fedora-all]

This update has been submitted for stable by bodhi.

3 years ago

This update has been pushed to stable.

3 years ago
dsommers commented & provided feedback 3 years ago

Thanks for the glob pattern notifications; I see someone created #1953687, which I will follow up.

Metadata
Type: security
Severity: urgent
Karma: 2
Signed
Content Type: RPM
Test Gating
Autopush Settings
Unstable by Karma: -1
Stable by Karma: 2
Stable by Time: 3 days
Dates
submitted: 3 years ago
in testing: 3 years ago
in stable: 3 years ago
modified: 3 years ago
BZ#1952935 CVE-2020-15078 openvpn: Authentication bypass with deferred authentication [fedora-all]