FEDORA-2021-b805c26afa created by dsommers 4 months ago for Fedora 34
stable

Security update - OpenVPN 2.5.1 and earlier versions allow a remote attacker to bypass authentication and access control channel data on servers configured with deferred authentication, which can potentially be used to trigger further information leaks. (CVE-2020-15078)

How to install

sudo dnf upgrade --advisory=FEDORA-2021-b805c26afa

This update has been submitted for testing by dsommers.

4 months ago

This update's test gating status has been changed to 'ignored'.

4 months ago

This update's test gating status has been changed to 'waiting'.

4 months ago

This update's test gating status has been changed to 'ignored'.

4 months ago

This update has been pushed to testing.

4 months ago

dsommers edited this update.

4 months ago
fkooman commented & provided feedback 4 months ago
Glob pattern passed, but globs are not supported for this.
Invalid unit name "openvpn-client@*.service" escaped as "openvpn-client@\x2a.service".
Glob pattern passed, but globs are not supported for this.
Invalid unit name "openvpn-server@*.service" escaped as "openvpn-server@\x2a.service".

It doesn't restart the OpenVPN (server) processes for me. But maybe I screwed up the systemd configuration?

$ systemctl | grep openvpn
  openvpn-server@default-0.service                                                         loaded active running   OpenVPN service for default/0
  openvpn-server@default-1.service                                                         loaded active running   OpenVPN service for default/1
  system-openvpn\x2dserver.slice                                                           loaded active active    system-openvpn\x2dserver.slice

All fine after (me) restarting the OpenVPN server processes though!

xvitaly provided feedback 4 months ago
karma
BZ#1952935 CVE-2020-15078 openvpn: Authentication bypass with deferred authentication [fedora-all]
copperi commented & provided feedback 4 months ago
karma

Glob pattern passed, but globs are not supported for this.
Invalid unit name "openvpn-client@*.service" escaped as "openvpn-client@\x2a.service".
Glob pattern passed, but globs are not supported for this.
Invalid unit name "openvpn-server@*.service" escaped as "openvpn-server@\x2a.service".

Manual update message: /usr/lib/tmpfiles.d/elasticsearch.conf:1: Line references path below legacy directory /var/run/, updating /var/run/elasticsearch → /run/elasticsearch; please update the tmpfiles.d/ drop-in file accordingly.

Works

BZ#1952935 CVE-2020-15078 openvpn: Authentication bypass with deferred authentication [fedora-all]

This update has been submitted for stable by bodhi.

4 months ago

This update has been pushed to stable.

4 months ago
dsommers commented & provided feedback 4 months ago

Thanks for the glob pattern notifications; I see someone created #1953687, which I will follow up.



Metadata
Type: security
Severity: urgent
Karma: 2
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -1
Stable by Karma: 2
Stable by Time: 3 days
Dates
submitted: 4 months ago
in testing: 4 months ago
in stable: 4 months ago
modified: 4 months ago
BZ#1952935 CVE-2020-15078 openvpn: Authentication bypass with deferred authentication [fedora-all]
0
2
