Amazon Linux 1 Security Advisory: ALAS-2023-1719
Advisory Release Date: 2023-03-30 22:50 Pacific
Advisory Updated Date: 2023-04-05 20:23 Pacific
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials. (CVE-2022-0547)
Affected Packages:
openvpn
Issue Correction:
Run yum update openvpn to update your system.
i686:
openvpn-devel-2.4.12-1.43.amzn1.i686
openvpn-2.4.12-1.43.amzn1.i686
openvpn-debuginfo-2.4.12-1.43.amzn1.i686
src:
openvpn-2.4.12-1.43.amzn1.src
x86_64:
openvpn-devel-2.4.12-1.43.amzn1.x86_64
openvpn-debuginfo-2.4.12-1.43.amzn1.x86_64
openvpn-2.4.12-1.43.amzn1.x86_64