[OpenVPN-NL] OpenVPN-NL v2.3.2-nl1 released

Steffan Karger steffan.karger at fox-it.com
Fri Jul 5 13:40:18 CEST 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

A new version of OpenVPN-NL (2.3.2-nl1) is available on the OpenVPN-NL
site [1].  This version is based on OpenVPN 2.3.2, and PolarSSL 1.2.8
[2].

The new version of OpenVPN-NL includes a new PolarSSL release, which
fixes a denial-of-service possibility during TLS negotiation [3]. A
successful attack could compromise the availability, but would *not*
compromise confidentiality. In OpenVPN-NL, this denial-of-service
attack can only be exploited when the group key ("tls-auth") has been
compromised.

We strongly recommend that you upgrade to the new version of OpenVPN-NL.


References
- - - - - ----------

[1] https://openvpn.fox-it.com/

[2] https://polarssl.org/tech-updates/releases

[3]
https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-03
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEcBAEBCAAGBQJR1rCiAAoJEEEwndWOY1w5wQAH/2TyRgP4F3PUoUe5S2j98DH1
izlBarfToTtkzD4yibmcr9vY5gJMR2kKQig+FcU82n83EK0Pd+gM7cwOxGt4pWeg
vsMHaO163oE0B5tQ8XNiA0loCmYkj8Zr1zlIS8livEyPzJh+pbfQHUv6A6q5wjlz
UPJ8tLM57qoN9NAb3XqaPN8B1kZ3I/7fMUzRzrzs2tW2AqYTxw+2vMAiHWUf6dgE
14JpmWlXe2a28IhWHY+PztioVROZB9oUGWsg5+yHZqTIQIy1GJHw6CyyfSxn7r3x
1RhCMNjkP/E+B3hSlDNK9iEFC2npu+x65JkbokSNSMNJsujlIK29xjYR+0o0o9s=
=m/j9
-----END PGP SIGNATURE-----



More information about the list-openvpn-nl mailing list