Date: Thu, 17 Mar 2022 22:28:13 GMT
From: Matthias Andree <mandree@FreeBSD.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject: git: ba380acff776 - main - security/vuxml: add OpenVPN < 2.5.6 deferred auth plugin vuln
Message-ID: <202203172228.22HMSDcx091279@gitrepo.freebsd.org>
The branch main has been updated by mandree: URL: https://cgit.FreeBSD.org/ports/commit/?id=ba380acff776bd1b84811b70d7b3ca6f0a9abfd2 commit ba380acff776bd1b84811b70d7b3ca6f0a9abfd2 Author: Matthias Andree <mandree@FreeBSD.org> AuthorDate: 2022-03-17 22:24:35 +0000 Commit: Matthias Andree <mandree@FreeBSD.org> CommitDate: 2022-03-17 22:27:50 +0000 security/vuxml: add OpenVPN < 2.5.6 deferred auth plugin vuln Security: CVE-2022-0547 --- security/vuxml/vuln-2022.xml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml index a7d0029d21c0..d6339c35bb9a 100644 --- a/security/vuxml/vuln-2022.xml +++ b/security/vuxml/vuln-2022.xml 
@@ -1,3 +1,34 @@ + <vuln vid="45a72180-a640-11ec-a08b-85298243e224"> + <topic>openvpn -- Potential authentication by-pass with multiple deferred authentication plug-ins</topic> + <affects> + <package> + <name>openvpn</name> + <range><lt>2.5.6</lt></range> + </package> + <package> + <name>openvpn-mbedtls</name> + <range><lt>2.5.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>David Sommerseth reports:</p> + <blockquote cite="https://community.openvpn.net/openvpn/wiki/CVE-2022-0547"> + <p>OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials. This issue is resolved in OpenVPN 2.4.12 and v2.5.6.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2022-0547</cvename> + <url>https://community.openvpn.net/openvpn/wiki/CVE-2022-0547</url> + <url>https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-256</url> + </references> + <dates> + <discovery>2022-03-10</discovery> + <entry>2022-03-17</entry> + </dates> + </vuln> + <vuln vid="5df757ef-a564-11ec-85fa-a0369f7f7be0"> <topic>wordpress -- multiple issues</topic> <affects>
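Review bot: Both `<package>` entries use a single open-ended range, `<range><lt>2.5.6</lt></range>`, but the quoted advisory gives 2.1 as the first affected release and names 2.4.12 as a fixed release alongside 2.5.6. As written, the entry also matches versions before 2.1 and would flag a 2.4.12 package as vulnerable. Consider adding a lower bound (`<ge>2.1</ge>`). If any 2.4.x package version can still be matched by these names, split the range so that 2.4.12 up to but not including 2.5.0 is excluded. If only 2.5.x is ever packaged under `openvpn` and `openvpn-mbedtls`, a short XML comment saying so would explain why the single range is sufficient.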