ALT-BU-2022-5030-1
Branch sisyphus update bulletin.
Closed vulnerabilities
BDU:2022-01642
Уязвимость программного обеспечения OpenVPN, связанная с недостатками процедуры аутентификации, позволяющая нарушителю обойти процесс аутентификации и получить доступ к конфиденциальной информации
Modified: 2024-11-21
CVE-2022-0547
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.
- https://community.openvpn.net/openvpn/wiki/CVE-2022-0547
- https://community.openvpn.net/openvpn/wiki/CVE-2022-0547
- https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements
- https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements
- [debian-lts-announce] 20220503 [SECURITY] [DLA 2992-1] openvpn security update
- [debian-lts-announce] 20220503 [SECURITY] [DLA 2992-1] openvpn security update
- FEDORA-2022-cb4c1146dc
- FEDORA-2022-cb4c1146dc
- FEDORA-2022-7d46acce7c
- FEDORA-2022-7d46acce7c
- https://openvpn.net/community-downloads/
- https://openvpn.net/community-downloads/
Closed bugs
обновление до версии 2.5.6
Closed vulnerabilities
Modified: 2024-11-21
CVE-2022-1529
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.
Modified: 2024-11-21
CVE-2022-1802
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.