-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
A new version of OpenVPN-NL (2.4.6-nl2) is available on the OpenVPN-NL
website [1]. This version is based on OpenVPN 2.4.6 [2], and mbed TLS
2.9.0 [3].
This release resolves several security issues:
1) CVE-2018-9336: fix potential double-free() in the Windows Interactive
Service
A local attacker could send malformed input data on the service pipe
towards the OpenVPN interactive service, which can result in a double
free() in the error handling code. This usually only leads to a process
crash (DoS by an unprivileged local account) but it could lead to
memory corruption and potentially privilege escalation if happening
while multiple other threads are active at the same time.
This only affects users that run the interactive service on Windows.
2) Out-of-bounds read in the tap-windows driver
This allows a local attacker that is able to send invalid ICMPv6 packets
from the local machine to the local tap-windows adapter to crash the
local machine (BSOD). The overread data is not leaked to the attacker
or peer.
3) Several bugfixes in mbed TLS
mbed TLS 2.8 fixed a number of denial-of-service bugs [4]. mbed TLS 2.9
fixed a number of parsing bugs, which have no or very limited impact on
OpenVPN-NL, because most of the affected components are disabled, and
the strict set of allowed ciphers prevents selecting an insecure cipher.
Furthermore, the usage of tls-auth or tls-crypt prevents an attacker
without the tls-auth/tls-crypt key from executing an attack.
This release uses a new (Extended Validation) Windows Code signing
certificate for the tap-windows driver files. The sha1 fingerprint of
this new certificate is:
27:FA:AB:56:C8:F3:52:FD:E8:2F:4E:E7:B0:81:52:4B:DD:94:28:91
The preexisting certificate is still used for non-kernel mode signing,
such as the installers and openvpn(serv).exe binaries.
References
----------
[1] https://openvpn.fox-it.com/
[2] https://github.com/OpenVPN/openvpn/blob/v2.4.6/Changes.rst
[3] https://tls.mbed.org/tech-updates/releases/mbedtls-2.9.0-2.7.3-and-2.1.12-released
[4] https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released
A new version of OpenVPN-NL (2.4.4-nl1) is available on the OpenVPN-NL
website [1]. This version is based on OpenVPN 2.4.4 [2], and mbed TLS
2.6.0 [3].
This release does not fix any imminent security issues, but does further
tighten overall security. Users are advised to upgrade to OpenVPN-NL
2.4.4-nl1 at any convenient time.
OpenVPN-NL 2.4 comes with a number of new features. Most of these are
equal to the new features in upstream OpenVPN 2.4, see [4] for details.
For OpenVPN-NL specifically, we'd like to highlight a few:
New ciphers:
The control channel now supports the following cipher suites by default:
TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
The --tls-cipher option can also be used to include the
backwards-compatibility cipher suite:
TLS-DHE-RSA-WITH-AES-256-CBC-SHA
The data channel now supports both --cipher AES-256-CBC + --auth SHA256
(like 2.3 did), and --cipher AES-256-GCM (which doesn't need --auth).
Data channel cipher negotiation:
Negotiable Cipher Parameters (NCP) allows users to upgrade from the
previous OpenVPN-NL data channel cipher (AES-256-CBC + HMAC-SHA256) to
the new data channel cipher (AES-256-GCM) without running multiple
server instances. The new cipher has better performance and a lower
per-packet overhead. If NCP is enabled at both ends, AES-256-GCM is
automatically negotiated. In OpenVPN-NL 2.4, NCP is enabled by default
on client instances, but disabled by default on server instances to
allow server administrators to have full control over the cipher
upgrade. NCP can be enabled using the --ncp-enable option.
Control channel encryption:
The new --tls-crypt option can be used instead of --tls-auth, to both
encrypt and authenticate control channel packets. This hides the TLS
certificate contents from attackers without the --tls-crypt key.
Better support for roaming clients:
UDP mode now supports client IP/port changes without requiring a
reconnect. This reduces the need for clients to reconnect often,
improving connection stability and reducing server load.
Stricter CRL checking:
The CRL verification implementation now verifies that the CRL is
correctly signed by the CA, and interprets the CRL 'nextUpdate' field as
an expiration date. If the CRL is expired, connections will be rejected.
Stricter config file checking:
Unused parameters to config options are no longer silently ignored.
Instead, such configs are now rejected on startup.
For more details, please refer to the upstream Changes document on [4].
References
----------
[1] https://openvpn.fox-it.com/
[2] https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24
[3] https://tls.mbed.org/tech-updates/releases/mbedtls-2.6.0-2.1.9-and-1.3.21-r…
[4] https://github.com/OpenVPN/openvpn/blob/v2.4.4/Changes.rst
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
A new version of OpenVPN-NL (2.3.9-nl4) is available on the OpenVPN-NL
website [1]. This version is based on OpenVPN 2.3.9 [2], and PolarSSL
1.2.19 [3].
This release of OpenVPN-NL removes the 'key-method 1' key exchange.
OpenVPN-NL has always used 'key-method 2' as its default, and this only
affects users that previously explicitly set 'key-method 1' in their
configuration.
Key-method 1 is removed, because a buffer overwrite security issue was
discovered [4]. Since key-method 1 is not needed and inferior to
key-method 2, OpenVPN-NL decided to remove the functionality to
eliminate the vulnerability and reduce attack surface.
Users are advised to refrain from using 'key-method 1'. Users that do
not use 'key-method 1' can upgrade to OpenVPN-NL 2.3.9-nl4 at any
convenient time.
As of this release, OpenVPN-NL is also available for Debian Stretch.
References
----------
[1] https://openvpn.fox-it.com/
[2] https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23
[3] https://tls.mbed.org/tech-updates/releases/mbedtls-2.2.1-2.1.4-1.3.16-and-polarssl.1.2.19-released
[4] https://community.openvpn.net/openvpn/wiki/CVE-2017-12166
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
A new version of OpenVPN-NL (2.3.9-nl3) is available on the OpenVPN-NL
website [1]. This version is based on OpenVPN 2.3.9 [2], and PolarSSL
1.2.19 [3].
This new version of OpenVPN-NL includes two security fixes:
1) Post-authentication client-to-server denial-of-service
A fully authenticated client can send a specially crafted packet to
the OpenVPN server, causing the server to crash. An attacker needs a
valid certificate, and - if it is in use - a valid tls-auth key to
mount this attack. Only servers that have enabled IPv6 inside the
tunnel are affected (e.g. through the --server-ipv6,
--ifconfig-ipv6-pool, --ifconfig-ipv6-push or --iroute-ipv6 options).
2) Pre-authentication remote crash/information disclosure for clients
If clients use a HTTP proxy with NTLM authentication (i.e.
"--http-proxy <server> <port> [<authfile>|'auto'|'auto-nct'] ntlm2"),
a man-in-the-middle attacker between the client and the proxy can
cause the client to crash or disclose at most 96 bytes of stack
memory. The disclosed stack memory is likely to contain the proxy
password.
If the proxy password is not reused, this is unlikely to compromise
the security of the OpenVPN tunnel itself. Clients who do not use
the --http-proxy option with ntlm2 authentication are not affected.
This release removes the --http-proxy NTLM authentication methods to
remove the vulnerability. NTLM authentication will be re-added once
we have regained confidence in the quality of the NTLM authentication
module code.
Furthermore, this release force-disables MD5 digests for certificates.
This is a hardening measure that prevents accidental misconfiguration
where the Certificate Authority may issue certificates with MD5 digests.
Users are advised to upgrade all OpenVPN-NL servers to 2.3.9-nl3, and
upgrade clients if the vulnerable HTTP proxy with ntlm2 authentication
is used.
More information on the vulnerabilities can be found at [4].
References
----------
[1] https://openvpn.fox-it.com/
[2] https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23
[3] https://tls.mbed.org/tech-updates/releases/mbedtls-2.2.1-2.1.4-1.3.16-and-polarssl.1.2.19-released
[4] https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
Summary:
Upstream OpenVPN has been audited. The audits identified two remote DoS
vulnerabilities. OpenVPN-NL is _not_ vulnerable to the
pre-authentication DoS attack (CVE-2017-7478), but _is_ vulnerable to
the very inefficient authenticated remote DoS attack (CVE-2017-7479).
Due to the extremely limited nature of CVE-2017-7479, we will not
release an OpenVPN-NL 2.3.x update, but instead continue our focus on
making a 2.4.x release that contains these fixes.
Background:
Upstream OpenVPN 2.4 was simultaneously reviewed by Quarkslab (funded by
OSTIF) and Cryptography Engineering LLC (funded by Private Internet
Access) [0].
These audits both concluded that OpenVPN is a strong product, offering
good security to its users. Also, both audits praised the efforts of
OpenVPN-NL in hardening both OpenVPN and OpenVPN-NL.
The Quarkslab audit identified two remote Denial-of-Service
vulnerabilities:
1) A pre-authentication Denial of Service (CVE-2017-7478)
This affects OpenVPN 2.3.12 and newer. The most recent OpenVPN-NL is
based on OpenVPN 2.3.9, and therefore _not_ vulnerable.
Please refer to the upstream security announcement [0] for more
information.
2) An authenticated Denial of Service (CVE-2017-7479)
A fully authenticated client can cause the server's packet-id
counter to roll over, which would lead the server process to hit an
ASSERT() and stop running. To make the server hit the ASSERT(), the
client must first cause the server to send it 2^32 packets (at least
196GB). This makes it a _very_ inefficient DoS attack.
Due to the extremely limited nature of CVE-2017-7479, we will not
release an OpenVPN-NL 2.3.x update, but instead continue our focus on
making a 2.4.x release that contains these fixes.
Please refer to the upstream security announcement [0] for more
information.
[0] https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineer…
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
A new version of OpenVPN-NL (2.3.9-nl2) is available on the OpenVPN-NL website
[1]. This version is based on OpenVPN 2.3.9 [2], and PolarSSL 1.2.19 [3].
This new version of OpenVPN-NL includes fixes for a number of minor security
issues in both OpenVPN [2] and PolarSSL [4,5,6]. If the recommended tls-auth
mechanism is used in an OpenVPN-NL configuration, an attacker must possess the
tls-auth key to mount an attack based on these issues.
One issue is not stopped by tls-auth: a denial-of-service attack could be
mounted when the --port-share option is enabled (which is disabled by default).
In upstream OpenVPN and OpenVPN-NL before 2.3.8-nl1 this issue can cause a heap
overflow, but OpenVPN-NL 2.3.8-nl1 already contains a hardening patch that
limits this to denial-of-service.
Users are advised to upgrade both OpenVPN-NL clients and servers to 2.3.9-nl2.
References
----------
[1] https://openvpn.fox-it.com/
[2] https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23
[3] https://tls.mbed.org/tech-updates/releases/mbedtls-2.2.1-2.1.4-1.3.16-and-p…
[4] https://tls.mbed.org/tech-updates/releases/mbedtls-2.2.0-2.1.3-1.3.15-and-p…
[5] https://tls.mbed.org/tech-updates/releases/mbedtls-2.1.2-and-1.3.14-and-pol…
[6] https://tls.mbed.org/tech-updates/releases/mbedtls-2.1.1-and-1.3.13-and-pol…
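The announcements above single out a handful of configuration directives: 'key-method 1' (2.3.9-nl4), --http-proxy with NTLM authentication and IPv6 inside the tunnel (2.3.9-nl3), and --port-share plus the tls-auth recommendation (2.3.9-nl2). The following is an added example, not OpenVPN-NL code, that scans a config file for those directives. The function names, finding codes and sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not OpenVPN-NL code): flag config directives that the
# advisories above single out. Function names and finding codes are made up.

# Reads an OpenVPN config on stdin, prints one "CODE: detail" line per finding.
audit_ovpn_config() {
    awk '
    { sub(/\r$/, "") }                  # tolerate CRLF line endings
    /^[ \t]*$/    { next }              # blank line
    /^[ \t]*[#;]/ { next }              # whole-line comment
    {
        opt = $1
        sub(/^--/, "", opt)             # accept "--opt" as well as "opt"
        if (opt == "key-method" && $2 == "1")
            print "KEY-METHOD-1: line " NR " (removed in 2.3.9-nl4, CVE-2017-12166)"
        if (opt == "http-proxy")        # stop scanning at a trailing comment
            for (i = 2; i <= NF && $i !~ /^[#;]/; i++)
                if ($i == "ntlm" || $i == "ntlm2")
                    print "NTLM-PROXY: line " NR " (NTLM proxy auth removed in 2.3.9-nl3)"
        if (opt == "port-share")
            print "PORT-SHARE: line " NR " (DoS not stopped by tls-auth, fixed in 2.3.9-nl2)"
        if (opt == "server-ipv6" || opt == "ifconfig-ipv6-pool" ||
            opt == "ifconfig-ipv6-push" || opt == "iroute-ipv6")
            ipv6 = ipv6 " " NR
        if (opt == "tls-auth" || opt == "tls-crypt" ||
            opt == "<tls-auth>" || opt == "<tls-crypt>")
            wrapped = 1                 # file option or inline <tag> block
    }
    END {
        if (ipv6 != "")
            print "IPV6-TUNNEL: line(s)" ipv6 " (post-auth server DoS, fixed in 2.3.9-nl3)"
        if (!wrapped)
            print "NO-TLS-AUTH: neither tls-auth nor tls-crypt is configured"
    }'
}

# Constructed sample (mixes server and client directives on purpose).
sample_config() {
    cat <<'EOF'
# constructed sample, not a real deployment
port 1194
proto udp
server 10.8.0.0 255.255.255.0
server-ipv6 fd00:1194::/64
key-method 1
port-share 127.0.0.1 8443
;tls-auth ta.key 0
http-proxy proxy.example.net 3128 auto ntlm2
EOF
}

sample_config | audit_ovpn_config
```

On a real host, run it as `audit_ovpn_config < /path/to/your.conf`; an empty result means none of the listed directives were found and tls-auth or tls-crypt is present.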
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Summary:
OpenVPN-NL is not vulnerable to the SLOTH attack [0].
Background:
On January 6th 2016, INRIA published information on a TLS
vulnerability called 'SLOTH' [0]. The vulnerability allows an
attacker to impersonate a client with client certificate if the
following conditions are met:
* the attacker has a Man-in-the-Middle position between a client and
server,
* the client is willing to authenticate itself with its certificate
to the MitM attacker,
* both parties support TLS 1.2, and,
* both parties allow MD5 ciphersuites to be used.
OpenVPN-NL does not allow MD5 cipher suites, and therefore is not
vulnerable to the SLOTH attack.
[0] http://www.mitls.org/pages/attacks/SLOTH
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
A new version of OpenVPN-NL (2.3.8-nl1) is available on the OpenVPN-NL
site [1]. This version is based on OpenVPN 2.3.8 [2], and PolarSSL
1.2.15 [3].
This new version of OpenVPN-NL includes fixes for a number of minor
security issues in PolarSSL [4][5]. If the recommended tls-auth
mechanism is used in an OpenVPN-NL configuration, an attacker can only
use these to attack such an OpenVPN-NL instance if (s)he is in
possession of the tls-auth key.
Users are advised to upgrade both OpenVPN-NL clients and servers to
2.3.8-nl1.
Important: with this release, the code signing keys have changed, to
move to SHA256 instead of SHA1 signature digests. The old keys are
_not_ compromised.
We now use keys with the following fingerprints to sign OpenVPN-NL
releases:
Linux: 6A11 9596 8DDC A349 4E7C 598C 43CF 15D3 54E0 3E30
Windows: 0456 cab6 4107 209a 470d 4439 09c5 cee5 576f 9000
Debian/Ubuntu users should import the new keys by:
  wget https://openvpn.fox-it.com/repos/fox-crypto-gpg.asc
  gpg --with-fingerprint fox-crypto-gpg.asc # (verify fingerprint)
  sudo apt-key add fox-crypto-gpg.asc
Red Hat / SuSE users should import new keys by:
  wget https://openvpn.fox-it.com/repos/fox-crypto-gpg.asc
  gpg --with-fingerprint fox-crypto-gpg.asc # (verify fingerprint)
  sudo rpm --import fox-crypto-gpg.asc
Windows users should verify the key fingerprint through
properties->digital signatures before starting the installer.
References
----------
[1] https://openvpn.fox-it.com/
[2] https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23
[3] https://tls.mbed.org/tech-updates/releases/polarssl-1.2.15-released
[4] https://tls.mbed.org/tech-updates/releases/polarssl-1.2.14-released
[5] https://tls.mbed.org/tech-updates/releases/polarssl-1.2.13-released
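One way to script the "(verify fingerprint)" step from the 2.3.8-nl1 announcement above, so that the import only runs when the downloaded file holds exactly one primary key with the published fingerprint. This is an added example, not part of the announcement or of OpenVPN-NL; the function names and the sample colon listing are constructed, and it assumes the machine-readable listing that gpg prints with --with-colons.

```shell
#!/bin/sh
# Added example (not from the announcement): check a key file's fingerprint
# against the published value before importing it.

# Linux signing-key fingerprint as published in the 2.3.8-nl1 announcement.
EXPECTED_FPR="6A11 9596 8DDC A349 4E7C 598C 43CF 15D3 54E0 3E30"

# Strip spaces and colons and upper-case, so differently formatted
# fingerprints compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\n' | tr 'a-f' 'A-F'
}

# Reads a `gpg --with-colons --with-fingerprint` listing on stdin.
# Succeeds only if it holds exactly one primary key and that key's
# fingerprint equals $1; extra keys in the file are treated as a failure,
# because importing the file would trust them too.
verify_key_listing() {
    want=$(normalize_fpr "$1")
    awk -F: -v want="$want" '
        $1 == "pub" { pubs++; in_pub = 1; next }
        $1 == "sub" { in_pub = 0 }           # subkey fingerprints do not count
        in_pub && $1 == "fpr" { fpr = toupper($10); in_pub = 0 }
        END {
            if (pubs != 1) {
                print "REJECT: expected 1 primary key, found " (pubs + 0)
                exit 1
            }
            if (fpr != want) {
                print "REJECT: fingerprint mismatch: " fpr
                exit 1
            }
            print "OK: " fpr
        }'
}

# Constructed colon listing (dates, sizes, uid and subkey are made up; only
# the primary fingerprint is the published one).
sample_listing() {
    cat <<'EOF'
pub:-:2048:1:43CF15D354E03E30:1439424000:::-:::scESC:
fpr:::::::::6A1195968DDCA3494E7C598C43CF15D354E03E30:
uid:-::::1439424000::::Constructed Example Key <key@example.invalid>:
sub:-:2048:1:1111111111111111:1439424000::::::e:
fpr:::::::::1111111111111111111111111111111111111111:
EOF
}

# Real use, with the file from the announcement:
#   gpg --with-colons --with-fingerprint fox-crypto-gpg.asc \
#     | verify_key_listing "$EXPECTED_FPR" && sudo apt-key add fox-crypto-gpg.asc
sample_listing | verify_key_listing "$EXPECTED_FPR"
```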
Summary:
OpenVPN-NL is not vulnerable to the Logjam attack [logjam] and no action
is required from OpenVPN-NL administrators or users.
Full description:
Critical vulnerabilities in Diffie-Hellman key-exchanges and the TLS
protocol, dubbed 'Logjam', have been published this morning [logjam].
The authors of [logjam] show a man-in-the-middle attack on TLS that
downgrades the DH parameters used for key-exchange to EXPORT-grade
(512-bit) parameters, if both client and server have support for
export-grade parameters.
Furthermore, the authors show they can break 512-bit DH key exchanges,
based on a known DH group, within 90 seconds. They argue the scientific
community should be able to break 768-bit parameters and state actors
might be able to break 1024-bit parameters.
OpenVPN-NL is not vulnerable to Logjam for the following reasons:
1) OpenVPN encourages users to generate their own DH-parameters, rather
than using a known DH-group.
2) OpenVPN-NL enforces the use of 2048-bit DH parameters, which is
considered large enough to be infeasible to break.
3) OpenVPN-NL cannot be configured to support export-grade DH parameters.
Furthermore, use of the recommended tls-auth feature would block the
man-in-the-middle downgrade attack.
[logjam] https://weakdh.org/
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
A new version of OpenVPN-NL (2.3.5-nl3) is available on the OpenVPN-NL
site [1]. This version is based on OpenVPN 2.3.5 [2], and PolarSSL
1.2.12 [3].
This new version of OpenVPN-NL fixes a potential double free
vulnerability in PolarSSL [4]. The vulnerability enables an attacker
that can send TLS messages to an OpenVPN-NL instance to trick that
instance to free an uninitialized pointer. This enables an attacker to
mount a denial of service attack, and could potentially lead to remote
code execution. If the recommended tls-auth mechanism is used in an
OpenVPN-NL configuration, an attacker can only attack such an
OpenVPN-NL instance if (s)he is in possession of the tls-auth key.
We have not (yet) seen any exploits targeting this vulnerability.
Users are advised to upgrade both OpenVPN-NL clients and servers to
2.3.5-nl3.
References
----------
[1] https://openvpn.fox-it.com/
[2] https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23
[3] https://polarssl.org/tech-updates/releases/polarssl-1.2.12-released
[4] https://polarssl.org/tech-updates/security-advisories/polarssl-security-adv…