openvpn-2.5.3-1.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11128-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z openvpn-2.5.3-1.2 on GA media These are all security issues fixed in the openvpn-2.5.3-1.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11128 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2005-3393/ SUSE CVE CVE-2005-3393 page https://www.suse.com/security/cve/CVE-2005-3409/ SUSE CVE CVE-2005-3409 page https://www.suse.com/security/cve/CVE-2006-1629/ SUSE CVE CVE-2006-1629 page https://www.suse.com/security/cve/CVE-2006-4339/ SUSE CVE CVE-2006-4339 page https://www.suse.com/security/cve/CVE-2017-12166/ SUSE CVE CVE-2017-12166 page https://www.suse.com/security/cve/CVE-2017-7521/ SUSE CVE CVE-2017-7521 page https://www.suse.com/security/cve/CVE-2017-7522/ SUSE CVE CVE-2017-7522 page https://www.suse.com/security/cve/CVE-2018-9336/ SUSE CVE CVE-2018-9336 page https://www.suse.com/security/cve/CVE-2020-11810/ SUSE CVE CVE-2020-11810 page https://www.suse.com/security/cve/CVE-2020-15078/ SUSE CVE CVE-2020-15078 page openSUSE Tumbleweed openvpn-2.5.3-1.2 openvpn-auth-pam-plugin-2.5.3-1.2 openvpn-devel-2.5.3-1.2 openvpn-down-root-plugin-2.5.3-1.2 openvpn-2.5.3-1.2 as a component of openSUSE Tumbleweed openvpn-auth-pam-plugin-2.5.3-1.2 as a component of openSUSE Tumbleweed openvpn-devel-2.5.3-1.2 as a component of openSUSE Tumbleweed openvpn-down-root-plugin-2.5.3-1.2 as a component of openSUSE Tumbleweed Format string vulnerability in the foreign_option function in options.c for OpenVPN 2.0.x allows remote clients to execute arbitrary code via format string specifiers in a push of the dhcp-option command option. CVE-2005-3393 openSUSE Tumbleweed:openvpn-2.5.3-1.2 openSUSE Tumbleweed:openvpn-auth-pam-plugin-2.5.3-1.2 openSUSE Tumbleweed:openvpn-devel-2.5.3-1.2 openSUSE Tumbleweed:openvpn-down-root-plugin-2.5.3-1.2 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2005-3393.html CVE-2005-3393 https://bugzilla.suse.com/132003 SUSE Bug 132003 https://bugzilla.suse.com/132085 SUSE Bug 132085 OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote attackers to cause a denial of service (segmentation fault) by forcing the accept function call to return an error status, which leads to a null dereference in an exception handler. CVE-2005-3409 openSUSE Tumbleweed:openvpn-2.5.3-1.2 openSUSE Tumbleweed:openvpn-auth-pam-plugin-2.5.3-1.2 openSUSE Tumbleweed:openvpn-devel-2.5.3-1.2 openSUSE Tumbleweed:openvpn-down-root-plugin-2.5.3-1.2 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2005-3409.html CVE-2005-3409 https://bugzilla.suse.com/132003 SUSE Bug 132003 https://bugzilla.suse.com/132085 SUSE Bug 132085 OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable. CVE-2006-1629 openSUSE Tumbleweed:openvpn-2.5.3-1.2 openSUSE Tumbleweed:openvpn-auth-pam-plugin-2.5.3-1.2 openSUSE Tumbleweed:openvpn-devel-2.5.3-1.2 openSUSE Tumbleweed:openvpn-down-root-plugin-2.5.3-1.2 moderate 9 AV:N/AC:L/Au:S/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2006-1629.html CVE-2006-1629 https://bugzilla.suse.com/165123 SUSE Bug 165123 OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. CVE-2006-4339 openSUSE Tumbleweed:openvpn-2.5.3-1.2 openSUSE Tumbleweed:openvpn-auth-pam-plugin-2.5.3-1.2 openSUSE Tumbleweed:openvpn-devel-2.5.3-1.2 openSUSE Tumbleweed:openvpn-down-root-plugin-2.5.3-1.2 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2006-4339.html CVE-2006-4339 https://bugzilla.suse.com/202366 SUSE Bug 202366 https://bugzilla.suse.com/203595 SUSE Bug 203595 https://bugzilla.suse.com/206636 SUSE Bug 206636 https://bugzilla.suse.com/207635 SUSE Bug 207635 https://bugzilla.suse.com/215623 SUSE Bug 215623 https://bugzilla.suse.com/218303 SUSE Bug 218303 https://bugzilla.suse.com/233584 SUSE Bug 233584 https://bugzilla.suse.com/564512 SUSE Bug 564512 OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution. CVE-2017-12166 openSUSE Tumbleweed:openvpn-2.5.3-1.2 openSUSE Tumbleweed:openvpn-auth-pam-plugin-2.5.3-1.2 openSUSE Tumbleweed:openvpn-devel-2.5.3-1.2 openSUSE Tumbleweed:openvpn-down-root-plugin-2.5.3-1.2 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-12166.html CVE-2017-12166 https://bugzilla.suse.com/1060877 SUSE Bug 1060877 OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension(). CVE-2017-7521 openSUSE Tumbleweed:openvpn-2.5.3-1.2 openSUSE Tumbleweed:openvpn-auth-pam-plugin-2.5.3-1.2 openSUSE Tumbleweed:openvpn-devel-2.5.3-1.2 openSUSE Tumbleweed:openvpn-down-root-plugin-2.5.3-1.2 important 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7521.html CVE-2017-7521 https://bugzilla.suse.com/1044947 SUSE Bug 1044947 OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character. CVE-2017-7522 openSUSE Tumbleweed:openvpn-2.5.3-1.2 openSUSE Tumbleweed:openvpn-auth-pam-plugin-2.5.3-1.2 openSUSE Tumbleweed:openvpn-devel-2.5.3-1.2 openSUSE Tumbleweed:openvpn-down-root-plugin-2.5.3-1.2 moderate 6.3 AV:N/AC:M/Au:S/C:N/I:N/A:C 4 AV:N/AC:L/Au:S/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7522.html CVE-2017-7522 https://bugzilla.suse.com/1044947 SUSE Bug 1044947 openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibly have unspecified other impact including privilege escalation. CVE-2018-9336 openSUSE Tumbleweed:openvpn-2.5.3-1.2 openSUSE Tumbleweed:openvpn-auth-pam-plugin-2.5.3-1.2 openSUSE Tumbleweed:openvpn-devel-2.5.3-1.2 openSUSE Tumbleweed:openvpn-down-root-plugin-2.5.3-1.2 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-9336.html CVE-2018-9336 https://bugzilla.suse.com/1090647 SUSE Bug 1090647 https://bugzilla.suse.com/1090839 SUSE Bug 1090839 An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 (P_DATA_V2) packet using a victim's peer-id. Normally such packets are dropped, but if this packet arrives before the data channel crypto parameters have been initialized, the victim's connection will be dropped. This requires careful timing due to the small time window (usually within a few seconds) between the victim client connection starting and the server PUSH_REPLY response back to the client. This attack will only work if Negotiable Cipher Parameters (NCP) is in use. CVE-2020-11810 openSUSE Tumbleweed:openvpn-2.5.3-1.2 openSUSE Tumbleweed:openvpn-auth-pam-plugin-2.5.3-1.2 openSUSE Tumbleweed:openvpn-devel-2.5.3-1.2 openSUSE Tumbleweed:openvpn-down-root-plugin-2.5.3-1.2 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-11810.html CVE-2020-11810 https://bugzilla.suse.com/1169925 SUSE Bug 1169925 OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. CVE-2020-15078 openSUSE Tumbleweed:openvpn-2.5.3-1.2 openSUSE Tumbleweed:openvpn-auth-pam-plugin-2.5.3-1.2 openSUSE Tumbleweed:openvpn-devel-2.5.3-1.2 openSUSE Tumbleweed:openvpn-down-root-plugin-2.5.3-1.2 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-15078.html CVE-2020-15078 https://bugzilla.suse.com/1185279 SUSE Bug 1185279