Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2022-0547

OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.

Related bugs and status

CVE-2022-0547 (Candidate) is related to these bugs:

Bug #2004676: MRE Updates 2.5.9 / 2.4.12

		In	Importance	Status
2004676	MRE Updates 2.5.9 / 2.4.12	openvpn (Ubuntu)	Undecided	Fix Released
2004676	MRE Updates 2.5.9 / 2.4.12	openvpn (Ubuntu Focal)	Undecided	Fix Released
2004676	MRE Updates 2.5.9 / 2.4.12	openvpn (Ubuntu Jammy)	Undecided	Fix Released

Bug #2039025: OpenVPN package in ubuntu 22.04 is not updated and is still vulnerable to CVE-2022-0547

Summary				In	Importance	Status
	2039025	OpenVPN package in ubuntu 22.04 is not updated and is still vulnerable to CVE-2022-0547		openvpn (Ubuntu)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

References

MISC: https://community.open...
MISC: https://community.open...
MISC: https://openvpn.net/co...
FEDORA: FEDORA-2022-7d46acce7c
FEDORA: FEDORA-2022-cb4c1146dc
MLIST: [debian-lts-announce] ...