This bug was fixed in the package openvpn - 2.4.4-2ubuntu1.5
--------------- openvpn (2.4.4-2ubuntu1.5) bionic-security; urgency=medium
* SECURITY UPDATE: data channel v2 packet injection - debian/patches/CVE-2020-11810.patch: fix illegal client float in src/openvpn/multi.c. - CVE-2020-11810 * SECURITY UPDATE: Authentication bypass with deferred authentication - debian/patches/CVE-2020-15078.patch: ensure key state is authenticated before sending push reply in src/openvpn/push.c. - CVE-2020-15078
-- Marc Deslauriers <email address hidden> Tue, 27 Apr 2021 10:54:29 -0400
This bug was fixed in the package openvpn - 2.4.4-2ubuntu1.5
---------------
openvpn (2.4.4-2ubuntu1.5) bionic-security; urgency=medium
* SECURITY UPDATE: data channel v2 packet injection patches/ CVE-2020- 11810.patch: fix illegal client float in openvpn/ multi.c. patches/ CVE-2020- 15078.patch: ensure key state is
- debian/
src/
- CVE-2020-11810
* SECURITY UPDATE: Authentication bypass with deferred authentication
- debian/
authenticated before sending push reply in src/openvpn/push.c.
- CVE-2020-15078
-- Marc Deslauriers <email address hidden> Tue, 27 Apr 2021 10:54:29 -0400