OpenVPN package in ubuntu 22.04 is not updated and is still vulnerable to CVE-2022-0547
Bug #2039025 reported by
Emanuele Antonio Faraone
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openvpn (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
In the 22.04 updates repository the openVPN package is at version 2.5.5-1ubuntu3.1, this version is still vulnerable to CVE-2022-0547, which is fixed in the proposed package (version 2.5.8-0ubuntu0.
I think the proposed package should be sent to the updates channel (for some reason it has been in proposed since april)
CVE References
information type: | Private Security → Public Security |
To post a comment you must log in.
CVE-2022-0547 was fixed in the 2.5.5-1ubuntu3 version of the package, which is older than the 2.5.5-1ubuntu3.1 version that is currently available.