From d1184f27e5473ca66cb58643eefb5eec8f9a8f07 Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Wed, 21 Apr 2021 18:56:54 +0200 Subject: security/vuxml: add devel/openvpn < 2.5.2 entry Security: CVE-2020-15078 Security: efb965be-a2c0-11eb-8956-1951a8617e30 --- security/vuxml/vuln.xml | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 0c3e4d58c0b1..302670fcd1c1 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -76,6 +76,42 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + openvpn -- deferred authentication can be bypassed in specific circumstances + + + openvpn + 2.5.2 + + + openvpn-mbedtls + 2.5.2 + + + + +

Gert Döring reports:

+
+ OpenVPN 2.5.1 and earlier versions allows a remote attackers to + bypass authentication and access control channel data on servers + configured with deferred authentication, which can be used to + potentially trigger further information leaks. +
+

+ + + + https://community.openvpn.net/openvpn/wiki/CVE-2020-15078 + https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-252 + CVE-2020-15078 + + + 2021-03-02 + 2021-04-21 + + + chromium -- multiple vulnerabilities -- cgit v1.2.3