OpenVPN 2.5.2 and 2.4.11 updates with a vulnerability fix

Corrective releases of OpenVPN 2.5.2 and 2.4.11 have been prepared. OpenVPN is a package for creating virtual private networks that lets you set up an encrypted connection between two client machines or run a central VPN server serving several clients at the same time. The OpenVPN code is distributed under the GPLv2 license, and ready-made binary packages are built for Debian, Ubuntu, CentOS, RHEL and Windows.

The new releases fix a vulnerability (CVE-2020-15078) that allows a remote attacker to bypass authentication and access restrictions in order to leak VPN settings. The problem appears only on servers configured to use deferred_auth. Under certain circumstances, an attacker can force the server to return a PUSH_REPLY message containing data about the VPN settings before it sends the AUTH_FAILED message. Combined with use of the --auth-gen-token parameter, or with a user's own token-based authentication scheme, the vulnerability can result in someone gaining access to the VPN using a non-working account.

Among the changes not related to security, the output of information about the TLS ciphers negotiated for use by the client and the server has been extended. This includes correct information about support for TLS 1.3 and EC certificates. In addition, the absence of the CRL file with the certificate revocation list at OpenVPN startup is now treated as an error that leads to termination.
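A server-side audit for the conditions described in the two paragraphs above (the CVE-2020-15078 preconditions and the new CRL startup check), as an added example that is not part of the original article or of OpenVPN itself. It checks only the two branches the article names; the sample banner, sample config and plugin path are constructed, and treating `plugin` and `management-client-auth` as hints of deferred authentication is an assumption, since the config alone does not show how the handler replies.

```python
import re
from pathlib import Path

# Fixed releases named in the article, keyed by release branch.
FIXED = {(2, 4): (2, 4, 11), (2, 5): (2, 5, 2)}
# Directives that hand the auth decision to external code. Whether that code
# answers in deferred mode is not visible in the config (assumption: flag for review).
DEFERRED_HINTS = {"plugin", "management-client-auth"}

# Constructed sample input, not taken from a real server.
SAMPLE_BANNER = "OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4]"
SAMPLE_CONFIG = """\
# constructed example server config
plugin /usr/lib/openvpn/plugins/example-auth.so
auth-gen-token 3600
crl-verify crl.pem
"""

def parse_version(banner):
    """Return (major, minor, patch) from the first line of `openvpn --version`."""
    m = re.search(r"OpenVPN (\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no OpenVPN version found in banner")
    return tuple(int(x) for x in m.groups())

def directives(config_text):
    """Map directive name -> argument list, skipping blank and comment lines."""
    found = {}
    for line in config_text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            name, *args = line.split()
            found[name.lstrip("-")] = args
    return found

def audit(banner, config_text, base_dir="."):
    """Return findings for the conditions the article describes."""
    version, seen, findings = parse_version(banner), directives(config_text), []
    fixed = FIXED.get(version[:2])
    if fixed and version < fixed:
        findings.append("update: CVE-2020-15078 is fixed in " + ".".join(map(str, fixed)))
    if DEFERRED_HINTS & seen.keys():
        findings.append("review: external auth handler may use deferred auth")
    if "auth-gen-token" in seen:
        findings.append("review: auth-gen-token is enabled")
    crl = seen.get("crl-verify")
    if crl and "dir" not in crl[1:] and not (Path(base_dir) / crl[0]).is_file():
        findings.append("fix: crl-verify file missing; fixed releases abort at startup")
    return findings
```

Call `audit()` with the first line of `openvpn --version`, the server config text, and the directory that relative paths in the config resolve against.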

Source: opennet.ru
