A vulnerability in QtIFW causes improper ACLs to be set when installing in custom locations. This can lead to privilege escalation if a non-privileged user overwrites the openvpn binary. Thanks to researchers at Tenable for finding and reporting this! Impact is considered low-medium, since an installation outside of the suggested path is needed to trigger the issue. Privileged execution of openvpn should be abandoned in the next release, in favor of the interactive service. A bug upstream should be filed, since other projects could be affected by this vulnerability too.

- Resolves: #569e694a038
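A way to check an existing installation for the condition described above, as an added example that is not part of the project's code: it walks an install directory and reports every ACL entry that lets a principal outside a trusted set replace or re-permission a file. The `-InstallDir` parameter name and the trusted SID list (SYSTEM, Administrators, TrustedInstaller) are assumptions; pass the custom location that was chosen at install time.

```powershell
param(
    # Assumption: the custom install location; the page names no path, so there is no default.
    [Parameter(Mandatory = $true)][string]$InstallDir
)

# Assumption: only these principals should be able to modify the installed files.
$trusted = @(
    'S-1-5-18',       # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that allow overwriting, deleting or re-permissioning a file, plus the raw
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits that some ACEs carry.
$rights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$mask = [int]$rights -bor 0x40000000 -bor 0x10000000

$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$sidType = [System.Security.Principal.SecurityIdentifier]

# The directory itself matters too: write access there allows swapping a binary.
$items = @(Get-Item -LiteralPath $InstallDir) +
         @(Get-ChildItem -LiteralPath $InstallDir -Recurse -Force)

$findings = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName
    # Ask for SIDs directly so the result does not depend on name resolution.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only ACEs apply to children, not to this object.
        if ($ace.PropagationFlags -band $inheritOnly) { continue }
        if ($trusted -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $mask) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $item.FullName
            Sid       = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

$findings | Sort-Object Path | Format-Table -AutoSize
# A non-zero exit code lets a deployment check fail when any finding exists.
if ($findings) { exit 1 }
```

An entry for `S-1-5-32-545` (Users) or `S-1-5-11` (Authenticated Users) on the directory or on the openvpn binary is the condition the note above describes.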
To find the state of this project's repository at the time of any of these versions, check out the tags.