Reynir Björnsson discovered that OpenVPN incorrectly handled terminating
client connections. A remote authenticated client could possibly use this
issue to keep the connection active, bypassing certain security policies.
This issue only affected Ubuntu 23.10, and Ubuntu 24.04 LTS.
(CVE-2024-28882)
Reynir Björnsson discovered that OpenVPN incorrectly handled certain
control channel messages with nonprintable characters. A remote attacker
could possibly use this issue to cause OpenVPN to consume resources, or
fill up log files with garbage, leading to a denial of service.
(CVE-2024-5594)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 24.04 | noarch | openvpn | < 2.6.9-1ubuntu4.1 | UNKNOWN |
Ubuntu | 24.04 | noarch | openvpn-dbgsym | < 2.6.9-1ubuntu4.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | openvpn | < 2.6.5-0ubuntu1.2 | UNKNOWN |
Ubuntu | 23.10 | noarch | openvpn-dbgsym | < 2.6.5-0ubuntu1.2 | UNKNOWN |
Ubuntu | 22.04 | noarch | openvpn | < 2.5.9-0ubuntu0.22.04.3 | UNKNOWN |
Ubuntu | 22.04 | noarch | openvpn-dbgsym | < 2.5.9-0ubuntu0.22.04.3 | UNKNOWN |
Ubuntu | 20.04 | noarch | openvpn | < 2.4.12-0ubuntu0.20.04.2 | UNKNOWN |
Ubuntu | 20.04 | noarch | openvpn-dbgsym | < 2.4.12-0ubuntu0.20.04.2 | UNKNOWN |