Ubuntu Fixes Two OpenVPN Vulnerabilities

by Rohan Timalsina

July 30, 2024 - TuxCare expert team

Two vulnerabilities were discovered in OpenVPN, a virtual private network (VPN) software package. They could keep a closing session active or result in denial of service. Canonical released security updates to address these vulnerabilities in the affected Ubuntu releases: Ubuntu 24.04 LTS, Ubuntu 23.10, Ubuntu 22.04 LTS, and Ubuntu 20.04 LTS.

Let’s look at the details of these vulnerabilities and learn how to stay secure.

 

OpenVPN Vulnerabilities Fixed in Ubuntu

 

CVE-2024-28882

It was found that OpenVPN in a server role accepts multiple exit notifications from authenticated clients. This oversight allows a remote authenticated client to keep the connection active and extend the validity of a closing session. This vulnerability only affected Ubuntu 23.10 and Ubuntu 24.04 LTS.

 

CVE-2024-5594

This vulnerability involves the incorrect handling of certain control channel messages containing nonprintable characters. A remote attacker could possibly use this issue to make OpenVPN generate high CPU load or fill up log files with garbage, leading to a denial of service.

 

How to Stay Secure

 

To protect your Ubuntu systems, it is crucial to update the OpenVPN installation to the latest patched version promptly. Canonical has patched these OpenVPN vulnerabilities in the following newer versions:

  • Ubuntu 24.04: 2.6.9
  • Ubuntu 23.10: 2.6.5
  • Ubuntu 22.04: 2.5.9
  • Ubuntu 20.04: 2.4.12

To update OpenVPN, first use this command to update the package repository.

$ sudo apt update

Then run this command to upgrade the OpenVPN package.

$ sudo apt install --only-upgrade openvpn
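
To confirm the result after upgrading, the following added example (not part of the original article or of Canonical's tooling) compares an installed OpenVPN package version with the fixed versions listed above. The function names and result labels are hypothetical. Because the list gives upstream version numbers only, and Ubuntu package versions carry an additional revision suffix, a matching upstream number is reported as "verify-revision" so the full package version can be checked against USN-6860-1.

```bash
#!/usr/bin/env bash
# Added example: post-upgrade check for the OpenVPN fixes listed in the article.

# Fixed upstream version per Ubuntu release, taken from the article's list.
fixed_upstream() {
  case "$1" in
    24.04) echo 2.6.9 ;;
    23.10) echo 2.6.5 ;;
    22.04) echo 2.5.9 ;;
    20.04) echo 2.4.12 ;;
    *) return 1 ;;
  esac
}

# classify RELEASE PACKAGE_VERSION
# Prints: outdated | verify-revision | newer | unknown-release
classify() {
  local release=$1 pkg=$2 fixed upstream
  fixed=$(fixed_upstream "$release") || { echo unknown-release; return 0; }
  upstream=${pkg#*:}        # drop an epoch prefix such as "1:"
  upstream=${upstream%-*}   # drop the Debian/Ubuntu revision after the last "-"
  if [ "$upstream" = "$fixed" ]; then
    # Same upstream release: only the package revision shows whether the
    # security update is installed, so compare it with USN-6860-1.
    echo verify-revision
  elif [ "$(printf '%s\n%s\n' "$upstream" "$fixed" | sort -V | head -n1)" = "$upstream" ]; then
    echo outdated           # older than the listed fixed version: update needed
  else
    echo newer              # newer upstream version than the one listed
  fi
}

# Classify the machine this script runs on (needs /etc/os-release and dpkg-query).
check_local() {
  local release pkg
  release=$(. /etc/os-release && echo "$VERSION_ID")
  pkg=$(dpkg-query -W -f='${Version}' openvpn 2>/dev/null) || { echo not-installed; return 0; }
  echo "openvpn $pkg on Ubuntu $release: $(classify "$release" "$pkg")"
}

# Run "script.sh --local" to check this host; without arguments it only defines functions.
if [ "${1:-}" = "--local" ]; then
  check_local
fi
```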

 

Protecting End of Life Ubuntu Systems

 

End of Life (EOL) Ubuntu releases no longer receive security updates, which makes them highly vulnerable to emerging vulnerabilities. To secure EOL Ubuntu systems from OpenVPN vulnerabilities, you have a couple of options for receiving the necessary security updates.

Ubuntu Pro: Canonical offers an Extended Security Maintenance (ESM) service through the Ubuntu Pro subscription. This service provides security updates for end-of-life Ubuntu releases but can be relatively expensive.

 

TuxCare’s Extended Lifecycle Support: TuxCare offers a more affordable solution with their Extended Lifecycle Support. This service provides security updates for an additional five years after the end-of-life date of an Ubuntu release. TuxCare covers a wide range of packages, including OpenVPN, Linux kernel, glibc, OpenSSL, Python, PHP, and more. This comprehensive coverage ensures that your system remains secure even after the official support period ends.

 

Source: USN-6860-1
