-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2992-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort May 03, 2022 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : openvpn Version : 2.4.0-6+deb9u4 CVE ID : CVE-2017-12166 CVE-2020-11810 CVE-2020-15078 CVE-2022-0547 Several issues were discovered in OpenVPN, a Virtual Private Network server and client, that could lead to authentication bypass when using deferred auth plugins. Note that this upload disables support for multiple deferred auth plugins, following the upstream fix for CVE-2022-0547. For Debian 9 stretch, these problems have been fixed in version 2.4.0-6+deb9u4. We recommend that you upgrade your openvpn packages. For the detailed security status of openvpn please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openvpn Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmJxHYUACgkQnUbEiOQ2 gwKXKBAAownXxFKWGfheCVAT4cqhawgv6jaj8Lv8BvTEOxaqXf+bKl3stibEQA4G Ret3lV3MM6qthjaURsvtCv5nDH4wU2lgUBCWnbBTAyV2LKyv1yoA0yLOfGiighCR 3+SJwQNj7xv4I4h/ljAClZ4fg/iESBGEzg5hq9qgfJ+tQe71oD86/xMqcdp7GUkE glaFkoGTSTPD5KzwY+iW52Zn+rjLZoNBwV+gJCSkB1UHxLINQV6IoIaJPlIY4qSg 2U8sVIbr4zmeKCrSzKdGxzYmNEbtp0MjgoFzwo8Xu01Gw7RHcsGNdgzzSD5Dfc4Y zD2pdZqjSawr6TE0JNV4CEroocGR+FkFDoQVCP1RWWMbc9o30Y+NWQu+/VVkwHMs lzjcKSUNJ8GfnE+tsA3UbxvffVJcpAvd8a8m4OFU0r0z8Opfo4l4tgNc5IwAzkxS BVPGG7V870u8/6N/AtrYMjniDQ+EG/rlWphCFi/qv5LhzfZCM8oIRNIFGUQte4s1 GKgvlwxzakRLWgIov9KzeOrgj0WD7nHZeTqDTFntC7rgENwTlvc1Blksc0f5nq4k jE9/PiL+S91rp99Q/4mzSYrRLKHk5Kd+OwNNkURIo0J7atxVP1n/LgA/rojfM+T9 puvNz9usFzlNEnVbKDXDAq6Ki5l8fgDEIYl0sUHcEF/4EKRSKCY= =tmEZ -----END PGP SIGNATURE-----