Package "openvpn"

Name:	openvpn
Description:	virtual private network daemon
Latest version:	2.4.12-0ubuntu0.20.04.2
Release:	focal (20.04)
Level:	security
Repository:	main
Homepage:	https://openvpn.net/

Links

Raw Package Information

All versions of this package

Bug fixes

List of files in package

Repository home page

Download "openvpn"

32-bit deb package

64-bit deb package

APT INSTALL

Other versions of "openvpn" in Focal

Repository	Area	Version
base	main	2.4.7-1ubuntu2
updates	main	2.4.12-0ubuntu0.20.04.2

Changelog

Version: 2.4.12-0ubuntu0.20.04.2 2024-07-02 16:07:35 UTC

Version: 2.4.12-0ubuntu0.20.04.2	2024-07-02 16:07:35 UTC
`openvpn (2.4.12-0ubuntu0.20.04.2) focal-security; urgency=medium * SECURITY UPDATE: malicious peer can DoS or send garbage to logs - debian/patches/CVE-2024-5594.patch: properly handle null bytes and invalid characters in control messages in src/openvpn/buffer.*, src/openvpn/forward.c, tests/unit_tests/openvpn/test_buffer.c. - CVE-2024-5594 -- Marc Deslauriers <email address hidden> Thu, 27 Jun 2024 15:09:17 -0400`
Source diff to previous version

openvpn (2.4.12-0ubuntu0.20.04.2) focal-security; urgency=medium * SECURITY UPDATE: malicious peer can DoS or send garbage to logs - debian/patches/CVE-2024-5594.patch: properly handle null bytes and invalid characters in control messages in src/openvpn/buffer.*, src/openvpn/forward.c, tests/unit_tests/openvpn/test_buffer.c. - CVE-2024-5594 -- Marc Deslauriers <email address hidden> Thu, 27 Jun 2024 15:09:17 -0400

Source diff to previous version

Version: 2.4.7-1ubuntu2.20.04.4 2022-03-24 13:06:30 UTC

openvpn (2.4.7-1ubuntu2.20.04.4) focal-security; urgency=medium * SECURITY UPDATE: authentication bypass via multiple deferred authentication plug-ins - debian/patches/CVE-2022-0547.patch: disallow multiple deferred authentication plug-ins in doc/openvpn.8, src/openvpn/plugin.c. - CVE-2022-0547 -- Marc Deslauriers <email address hidden> Tue, 22 Mar 2022 10:40:54 -0400

Source diff to previous version

CVE-2022-0547

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of def

Version: 2.4.7-1ubuntu2.20.04.2 2021-05-04 13:06:22 UTC

openvpn (2.4.7-1ubuntu2.20.04.2) focal-security; urgency=medium * SECURITY UPDATE: data channel v2 packet injection - debian/patches/CVE-2020-11810.patch: fix illegal client float in src/openvpn/multi.c. - CVE-2020-11810 * SECURITY UPDATE: Authentication bypass with deferred authentication - debian/patches/CVE-2020-15078.patch: ensure key state is authenticated before sending push reply in src/openvpn/push.c. - CVE-2020-15078 -- Marc Deslauriers <email address hidden> Tue, 27 Apr 2021 10:51:26 -0400

CVE-2020-11810	An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally
CVE-2020-15078	OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with defe

About - Send Feedback to @ubuntu_updates

Package "openvpn"

Links

Download "openvpn"

Other versions of "openvpn" in Focal

Changelog

Share this page

Bookmarks

Latest updates

proposed

PPA updates