Hi,
Just a quick update on an OpenVPN update which was released this week.
Fedora packages are in the release pipe, but needs to get some karma to
move on quicker. Since this issue is critical, I'm adding an additional
notice here.
The TL;DR version:
OpenVPN 2.5.1 and earlier versions allows a remote attackers to
bypass authentication and access control channel data on servers
configured with deferred authentication, which can be used to
potentially trigger further information leaks.
Details on the issue can be found here:
<https://community.openvpn.net/openvpn/wiki/CVE-2020-15078>
Please test and update as soon as possible.
Updated packages
----------------
Fedora 33: <https://bodhi.fedoraproject.org/updates/FEDORA-2021-242ef81244>
Fedora 34: <https://bodhi.fedoraproject.org/updates/FEDORA-2021-b805c26afa>
Fedora Rawhide:
<https://bodhi.fedoraproject.org/updates/FEDORA-2021-268c06b2cf>
EPEL-7:
<https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-ec6398823b>
EPEL-8:
<https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-0754fdd085>
In addition, we have Fedora Copr builds with the latest OpenVPN 2.5
release for distros shipping OpenVPN 2.4 in the main repos:
<https://copr.fedorainfracloud.org/coprs/dsommers/openvpn-release/build/2143551/>
--
kind regards,
David Sommerseth
OpenVPN Inc
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
