Amazon Linux 1 Security Advisory: ALAS-2021-1531
Advisory Release Date: 2021-09-02 22:54 Pacific
Advisory Updated Date: 2021-09-08 19:21 Pacific
OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. (CVE-2020-15078)
Affected Packages:
openvpn
Issue Correction:
Run yum update openvpn to update your system.
i686:
openvpn-devel-2.4.11-1.48.amzn1.i686
openvpn-2.4.11-1.48.amzn1.i686
openvpn-debuginfo-2.4.11-1.48.amzn1.i686
src:
openvpn-2.4.11-1.48.amzn1.src
x86_64:
openvpn-debuginfo-2.4.11-1.48.amzn1.x86_64
openvpn-2.4.11-1.48.amzn1.x86_64
openvpn-devel-2.4.11-1.48.amzn1.x86_64