• Welcome to Peterborough Linux User Group (Canada) Forum.
 

Linux VPN bug (The Register)

Started by Jason, December 29, 2019, 05:10:35 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Jason

This Register article is from a few weeks ago about a vulnerability in how Linux connects to VPNs. It sounds like the miscreant has to be adjacent to the local network (not the VPN) to take advantage.

I have no idea if this affects PIA users but I've sent them an email just to be sure. I'll post their response when I get it. If anybody uses another VPN provider, I suggest contacting them as well. It sounds pretty serious.
* Zorin OS 17.1 Core and Windows 11 Pro on a Dell Precision 3630 Tower with an
i5-8600 3.1 GHz 6-core processor, dual 22" displays, 16 GB of RAM, 512 GB Nvme and a Geforce 1060 6 GB card
* Motorola Edge (2022) phone with Android 13

Jason

I received a reply from PIA regarding the bug:

Quote
Hello Jason,

Thank you for contacting the PIA Helpdesk! I will be happy to address your concerns.

We are aware of the CVE-2019-14899 vulnerability on Linux systems. The latest version of our VPN app, 1.7.0. added mitigations to counter that weakness. You can download the latest versions of our application and see a changelog for each release here: https://www.privateinternetaccess.com/pages/changelog

If you have further questions, we'll be glad to answer them!


Best,

Nathanael M.
Customer Support Agent
A+, Net+, Sec+

I asked and received permission to post this email and Nathanael also mentioned that their official announcement can be found here.
* Zorin OS 17.1 Core and Windows 11 Pro on a Dell Precision 3630 Tower with an
i5-8600 3.1 GHz 6-core processor, dual 22" displays, 16 GB of RAM, 512 GB Nvme and a Geforce 1060 6 GB card
* Motorola Edge (2022) phone with Android 13