Lucene search
UbuntuUSN-6860-1HistoryJul 02, 2024 - 12:00 a.m.
OpenVPN vulnerabilities
2024-07-0200:00:00
ubuntu.com
openvpn
ubuntu
vulnerabilities
remote authenticated client
security policies
control channel messages
denial of service
7.3 High
AI Score
Confidence
Low
Releases
- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Packages
- openvpn - virtual private network software
Details
Reynir Björnsson discovered that OpenVPN incorrectly handled terminating
client connections. A remote authenticated client could possibly use this
issue to keep the connection active, bypassing certain security policies.
This issue only affected Ubuntu 23.10, and Ubuntu 24.04 LTS.
(CVE-2024-28882)
Reynir Björnsson discovered that OpenVPN incorrectly handled certain
control channel messages with nonprintable characters. A remote attacker
could possibly use this issue to cause OpenVPN to consume resources, or
fill up log files with garbage, leading to a denial of service.
(CVE-2024-5594)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 24.04 | noarch | openvpn | < 2.6.9-1ubuntu4.1 | UNKNOWN |
| Ubuntu | 24.04 | noarch | openvpn-dbgsym | < 2.6.9-1ubuntu4.1 | UNKNOWN |
| Ubuntu | 23.10 | noarch | openvpn | < 2.6.5-0ubuntu1.2 | UNKNOWN |
| Ubuntu | 23.10 | noarch | openvpn-dbgsym | < 2.6.5-0ubuntu1.2 | UNKNOWN |
| Ubuntu | 22.04 | noarch | openvpn | < 2.5.9-0ubuntu0.22.04.3 | UNKNOWN |
| Ubuntu | 22.04 | noarch | openvpn-dbgsym | < 2.5.9-0ubuntu0.22.04.3 | UNKNOWN |
| Ubuntu | 20.04 | noarch | openvpn | < 2.4.12-0ubuntu0.20.04.2 | UNKNOWN |
| Ubuntu | 20.04 | noarch | openvpn-dbgsym | < 2.4.12-0ubuntu0.20.04.2 | UNKNOWN |
Related
nessus
nessus
Fedora 40 : openvpn (2024-b611e122fb)
2024-06-27 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6860-1)
2024-07-03 00:00:00
Fedora: Security Advisory for openvpn (FEDORA-2024-b611e122fb)
2024-06-27 00:00:00
Mageia: Security Advisory (MGASA-2024-0255)
2024-07-05 00:00:00
freebsd
freebsd
openvpn -- two security fixes
2024-05-16 00:00:00
fedora
fedora
[SECURITY] Fedora 40 Update: openvpn-2.6.11-1.fc40
2024-06-27 02:04:13
osv
osv
openvpn vulnerabilities
2024-07-02 13:44:50
debiancve
debiancve
CVE-2024-28882
2024-06-21 11:15:13
CVE-2024-5594
2024-06-21 11:15:13
ubuntucve
ubuntucve
CVE-2024-28882
2024-06-25 00:00:00
CVE-2024-5594
2024-06-25 00:00:00
alpinelinux
alpinelinux
CVE-2024-28882
2024-06-21 11:15:13
CVE-2024-5594
2024-06-21 11:15:13
mageia
mageia
Updated openvpn packages fix security vulnerability
2024-07-04 19:48:09