OpenVPN package in ubuntu 22.04 is not updated and is still vulnerable to CVE-2022-0547
Bug #2039025 reported by
Emanuele Antonio Faraone
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| openvpn (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Bug Description
In the 22.04 updates repository the openVPN package is at version 2.5.5-1ubuntu3.1, this version is still vulnerable to CVE-2022-0547, which is fixed in the proposed package (version 2.5.8-0ubuntu0.
I think the proposed package should be sent to the updates channel (for some reason it has been in proposed since april)
CVE References
Revision history for this message
| Marc Deslauriers (mdeslaur) wrote | #1 |
| Changed in openvpn (Ubuntu): | |
| status: | New → Invalid |
| information type: | Private Security → Public Security |
To post a comment you must log in.
CVE-2022-0547 was fixed in the 2.5.5-1ubuntu3 version of the package, which is older than the 2.5.5-1ubuntu3.1 version that is currently available.