Overview
OpenVPN has released an update to address a vulnerability in their products. Users of affected versions are advised to update to the latest version.
Affected Products
CVE-2024-27459, CVE-2024-24974, CVE-2024-27903, CVE-2024-1305
- OpenVPN versions: ~ 2.6.10 (excluded)
Resolved Vulnerabilities
Local privilege escalation vulnerability in OpenVPN (CVE-2024-27459)
Unauthorized access vulnerability in OpenVPN (CVE-2024-24974)
Malicious Plugin Load Vulnerability in OpenVPN (CVE-2024-27903)
Buffer overflow vulnerability in OpenVPN (CVE-2024-1305)
Vulnerability Patches
The following Vulnerability Patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.
CVE-2024-27459, CVE-2024-24974, CVE-2024-27903, CVE-2024-1305
- OpenVPN version: 2.6.10
Referenced Sites
[1] CVE-2024-27459 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-27459
[2] CVE-2024-24974 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-24974
[3] CVE-2024-27903 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-27903
[4] CVE-2024-1305 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-1305
[5] [Openvpn-users] OpenVPN 2.6.10 released
https://www.mail-archive.com/[email protected]/msg07534.html
Article Link: OpenVPN Product Security Update Advisory – ASEC