-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
A new version of OpenVPN-NL (2.3.2-nl1) is available on the OpenVPN-NL
site [1]. This version is based on OpenVPN 2.3.2, and PolarSSL 1.2.8
[2].
The new version of OpenVPN-NL includes a new PolarSSL release, which
fixes a denial-of-service possibility during TLS negotiation [3]. A
successful attack could compromise the availability, but would *not*
compromise confidentiality. In OpenVPN-NL, this denial-of-service
attack can only be exploited when the group key ("tls-auth") has been
compromised.
We strongly recommend that you upgrade to the new version of OpenVPN-NL.
References
- - - - - ----------
[1] https://openvpn.fox-it.com/
[2] https://polarssl.org/tech-updates/releases
[3]
https://polarssl.org/tech-updates/security-advisories/polarssl-security-adv…
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQEcBAEBCAAGBQJR1rCiAAoJEEEwndWOY1w5wQAH/2TyRgP4F3PUoUe5S2j98DH1
izlBarfToTtkzD4yibmcr9vY5gJMR2kKQig+FcU82n83EK0Pd+gM7cwOxGt4pWeg
vsMHaO163oE0B5tQ8XNiA0loCmYkj8Zr1zlIS8livEyPzJh+pbfQHUv6A6q5wjlz
UPJ8tLM57qoN9NAb3XqaPN8B1kZ3I/7fMUzRzrzs2tW2AqYTxw+2vMAiHWUf6dgE
14JpmWlXe2a28IhWHY+PztioVROZB9oUGWsg5+yHZqTIQIy1GJHw6CyyfSxn7r3x
1RhCMNjkP/E+B3hSlDNK9iEFC2npu+x65JkbokSNSMNJsujlIK29xjYR+0o0o9s=
=m/j9
-----END PGP SIGNATURE-----
