Security update for openvpn
This update for openvpn fixes the following issues:
- CVE-2020-15078: Fixed authentication bypass with deferred authentication (bsc#1185279).
- CVE-2020-11810: Fixed race condition between allocating peer-id and initializing data channel key (bsc#1169925).
- CVE-2018-7544: Fixed cross-protocol scripting issue that was discovered in the management interface (bsc#1085803).
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Reinhard Max (rmax)
Fixed bugs
bnc#1185279
VUL-0: CVE-2020-15078: openvpn, openvpn-openssl1: Authentication bypass with deferred authentication
bnc#1169925
VUL-1: CVE-2020-11810: openvpn: race condition between allocating peer-id and initializing data channel key
bnc#1085803
VUL-1: CVE-2018-7544: openvpn: Cross-protocol scripting issue was discovered in the management interface
