Amazon Linux 1 (EOL) Security Advisory: ALAS-2023-1719
Advisory Released Date: 2023-04-05
Advisory Updated Date: 2023-04-05
Severity:
Low
Issue Overview:
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials. (CVE-2022-0547)
Affected Packages:
openvpn
Issue Correction:
Run yum update openvpn to update your system.
New Packages:
i686:
openvpn-devel-2.4.12-1.43.amzn1.i686
openvpn-2.4.12-1.43.amzn1.i686
openvpn-debuginfo-2.4.12-1.43.amzn1.i686
src:
openvpn-2.4.12-1.43.amzn1.src
x86_64:
openvpn-devel-2.4.12-1.43.amzn1.x86_64
openvpn-debuginfo-2.4.12-1.43.amzn1.x86_64
openvpn-2.4.12-1.43.amzn1.x86_64