Download
| Alert*
|
oval:org.secpod.oval:def:705991
openvpn: virtual private network software everal security issues were fixed in OpenVPN. oval:org.secpod.oval:def:118136 OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for compres ... oval:org.secpod.oval:def:72086 openvpn: virtual private network software everal security issues were fixed in OpenVPN. oval:org.secpod.oval:def:62889 The host is installed with OpenVPN 2.4.x before 2.4.9 and is prone to an illegal client float vulnerability. A flaw is present in the application, which fails to properly handle data channel v2 (P_DATA_V2) packet. Successful exploitation could allow attackers to drop victim's connection. oval:org.secpod.oval:def:1601170 This security issue is quite hard to abuse, requiring a fairly precise timing attack combined with guessing a just assigned peer-id reference. If successful, only a single client just initiating a new connection will experience a denial of service situation. oval:org.secpod.oval:def:89047244 This update for openvpn fixes the following issues: - CVE-2020-15078: Fixed authentication bypass with deferred authentication . - CVE-2020-11810: Fixed race condition between allocating peer-id and initializing data channel key . - CVE-2018-7544: Fixed cross-protocol scripting issue that was discov ... |
