Author Topic: Linux VPN bug (The Register)  (Read 658 times)

0 Members and 1 Guest are viewing this topic.

Offline Jason

  • President
  • Administrator
  • Hero Member
  • *****
  • Posts: 3479
  • Humanist. Skeptic. Husband.
Linux VPN bug (The Register)
« on: December 29, 2019, 05:10:35 pm »
This Register article is from a few weeks ago about a vulnerability in how Linux connects to VPNs. It sounds like the miscreant has to be adjacent to the local network (not the VPN) to take advantage.

I have no idea if this affects PIA users but I've sent them an email just to be sure. I'll post their response when I get it. If anybody uses another VPN provider, I suggest contacting them as well. It sounds pretty serious.
"With all its sham, drudgery, and broken dreams, it is still a beautiful world." - Max Ehrmann, Desiderata

Offline Jason

  • President
  • Administrator
  • Hero Member
  • *****
  • Posts: 3479
  • Humanist. Skeptic. Husband.
Re: Linux VPN bug (The Register)
« Reply #1 on: December 30, 2019, 04:33:49 pm »
I received a reply from PIA regarding the bug:

Quote
Hello Jason,

Thank you for contacting the PIA Helpdesk! I will be happy to address your concerns.

We are aware of the CVE-2019-14899 vulnerability on Linux systems. The latest version of our VPN app, 1.7.0. added mitigations to counter that weakness. You can download the latest versions of our application and see a changelog for each release here: https://www.privateinternetaccess.com/pages/changelog

If you have further questions, we'll be glad to answer them!


Best,

Nathanael M.
Customer Support Agent
A+, Net+, Sec+

I asked and received permission to post this email and Nathanael also mentioned that their official announcement can be found here.
"With all its sham, drudgery, and broken dreams, it is still a beautiful world." - Max Ehrmann, Desiderata