Summary: | <net-vpn/openvpn-2.5.2: Authentication bypass with deferred authentication (CVE-2020-15078) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | a, alexander, chutzpah, williamh |
Priority: | Normal | Keywords: | CC-ARCHES, STABLEREQ |
Version: | unspecified | Flags: | nattka: sanity-check+ |
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B4 [glsa+ cve] | ||
Package list: | net-vpn/openvpn-2.5.2 | ||
Runtime testing required: | --- |
Description
Sam James
2021-04-22 21:06:55 UTC
ping

*** Bug 786423 has been marked as a duplicate of this bug. ***

Hi there, is there something I could do to help with this? The vulnerability has a public CVE and its impact is non-negligible for servers. For the future: is there something the openvpn developers can do to communicate *beforehand* that a release with a security fix is coming? This way gentoo maintainers can be prepared. I know other distros join a specific distribution list - but I am not sure if that's the case for gentoo. Thanks!

I will contact you via email.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0355870fe3eb0f5d105bca9404a21a34e5649256

commit 0355870fe3eb0f5d105bca9404a21a34e5649256
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2021-04-30 18:12:50 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-04-30 18:58:34 +0000

net-vpn/openvpn: bump to v2.5.2

Bug: https://bugs.gentoo.org/785115
Package-Manager: Portage-3.0.18, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

net-vpn/openvpn/Manifest | 1 +
net-vpn/openvpn/openvpn-2.5.2.ebuild | 174 +++++++++++++++++++++++++++++++++++
2 files changed, 175 insertions(+)

arm64 done

x86 done

ppc64 done

ppc done

amd64 done

arm done

all arches done

Please cleanup.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a0f872033e85edb4868f76650fa205cd7d10bd07

commit a0f872033e85edb4868f76650fa205cd7d10bd07
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2021-05-24 01:16:04 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-05-24 01:19:18 +0000

net-vpn/openvpn: security cleanup

Bug: https://bugs.gentoo.org/785115
Package-Manager: Portage-3.0.18, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

net-vpn/openvpn/Manifest | 3 -
net-vpn/openvpn/openvpn-2.4.9.ebuild | 170 -------------------------------
net-vpn/openvpn/openvpn-2.5.0-r1.ebuild | 169 -------------------------------
net-vpn/openvpn/openvpn-2.5.1-r1.ebuild | 171 --------------------------------
4 files changed, 513 deletions(-)

New GLSA request filed.

This issue was resolved and addressed in GLSA 202105-25 at https://security.gentoo.org/glsa/202105-25 by GLSA coordinator Thomas Deutschmann (whissi).