Security update - OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. (CVE-2020-15078)
Please login to add feedback.
This update has been submitted for testing by dsommers.
This update's test gating status has been changed to 'ignored'.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'ignored'.
This update has been pushed to testing.
dsommers edited this update.
I updated one server, and the VPN is still working properly.
Not sure about the bug fix, as I don't know how to test that; I don't know if there's a POC or a assessment test script somewhere.
This update can be pushed to stable now if the maintainer wishes
This update has been submitted for stable by bodhi.
This update has been pushed to stable.