Vulnerability CVE-2020-15078: Information
Description
OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
openvpn | sisyphus | 2.5.3-alt1 | 2.6.10-alt1 | ALT-PU-2021-2120-1 | 276663 | Fixed |
openvpn | p10 | 2.5.3-alt1 | 2.5.6-alt1 | ALT-PU-2021-2120-1 | 276663 | Fixed |
openvpn | p9 | 2.5.6-alt1 | 2.5.6-alt1 | ALT-PU-2022-2690-1 | 305924 | Fixed |
openvpn | p9_e2k | 2.5.6-alt1 | 2.5.6-alt1 | ALT-PU-2022-6432-1 | - | Fixed |
openvpn | c10f1 | 2.5.3-alt1 | 2.5.6-alt1 | ALT-PU-2021-2120-1 | 276663 | Fixed |
openvpn | c9f2 | 2.4.9-alt1.c9f2.1 | 2.4.9-alt1.c9f2.2 | ALT-PU-2022-1576-1 | 292332 | Fixed |
openvpn | p11 | 2.5.3-alt1 | 2.6.10-alt1 | ALT-PU-2021-2120-1 | 276663 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements |
|
https://community.openvpn.net/openvpn/wiki/CVE-2020-15078 |
|
GLSA-202105-25 |
|
https://usn.ubuntu.com/usn/usn-4933-1 |
|
[debian-lts-announce] 20220503 [SECURITY] [DLA 2992-1] openvpn security update |
|
FEDORA-2021-242ef81244 | |
FEDORA-2021-b805c26afa | |
FEDORA-2021-d6b9d8497b |