Ukukhishwa okulungile kwe-OpenVPN 2.5.2 kanye ne-2.4.11 sekulungisiwe, iphakheji lokudala amanethiwekhi ayimfihlo abonakalayo akuvumela ukuthi uhlele ukuxhumana okubethelwe phakathi kwemishini yamaklayenti amabili noma unikeze iseva ye-VPN ephakathi nendawo ukuze kusebenze ngesikhathi esisodwa amaklayenti amaningana. Ikhodi ye-OpenVPN isatshalaliswa ngaphansi kwelayisensi ye-GPLv2, amaphakheji kanambambili enziwe ngomumo akhiqizelwa i-Debian, Ubuntu, CentOS, RHEL kanye ne-Windows.
Ukukhishwa okusha kulungisa ukuba sengozini (CVE-2020-15078) okuvumela umhlaseli okude ukuthi adlule ukuqinisekiswa kanye nemikhawulo yokufinyelela ukuze avuze izilungiselelo ze-VPN. Inkinga ivela kuphela kumaseva alungiselelwe ukusebenzisa i-deferred_auth. Ngaphansi kwezimo ezithile, umhlaseli angaphoqa iseva ukuthi ibuyisele umlayezo PUSH_REPLY ngedatha emayelana nezilungiselelo ze-VPN ngaphambi kokuthumela umlayezo othi AUTH_FAILED. Uma kuhlanganiswe nokusetshenziswa kwepharamitha --auth-gen-token noma ukusebenzisa komsebenzisi isikimu sakhe sokuqinisekisa esisekelwe kumathokheni, ubungozi bungase bubangele ukuthi othile athole ukufinyelela ku-VPN esebenzisa i-akhawunti engasebenzi.
Phakathi kwezinguquko ezingezona ezokuvikela, kukhona ukunwetshwa kokuboniswa kolwazi olumayelana nama-ciphers we-TLS okuvunyelwene ngawo ukuze asetshenziswe iklayenti neseva. Kubandakanya ulwazi olulungile mayelana nokusekelwa kwezitifiketi ze-TLS 1.3 ne-EC. Ngaphezu kwalokho, ukungabikho kwefayela le-CRL elinohlu lokuhoxiswa kwesitifiketi ngesikhathi sokuqalisa i-OpenVPN manje sekuthathwa njengephutha eliholela ekunqanyulweni.
Source: opennet.ru