[OpenVPN-NL] OpenVPN-NL v2.3.2-nl2 released

Steffan Karger steffan.karger at fox-it.com
Thu Nov 7 17:50:36 CET 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

A new version of OpenVPN-NL (2.3.2-nl2) is available on the OpenVPN-NL
site [1]. This version is based on OpenVPN 2.3.2, and PolarSSL 1.2.10 [2].

This new version of OpenVPN-NL includes a new PolarSSL release, which
fixes a possible timing attack on the server [3,4]. A successful
attack could compromise the server's RSA private key. In OpenVPN-NL,
this denial-of-service attack can only be exploited when the group key
("tls-auth") has been compromised.

We strongly recommend that you upgrade to this new version of OpenVPN-NL.

Although we believe that this attack is not feasible over the
internet, users should consider whether their situation warrants
replacement of their server's private/public key pair.

References
- ----------

[1] https://openvpn.fox-it.com/
[2] https://polarssl.org/tech-updates/releases
[3]
https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-05
[4] https://polarssl.org/public/ctrsa13.pdf

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBCAAGBQJSe8TcAAoJEEEwndWOY1w5k9QH/0lTbDPVsvJGYE4ZGEy3KeF0
752bUybgKik8v4eF1Ac6L3rY+8KRRJxgSU/Oo2gX9+5E8tbbRnfDavwB4JIRYjpt
07gcim3fH+15M5diWNOoVyUS70m6bIJjJFeA2SbhtzWMMhffaIjHGl3hM08IvR4S
vvoWZ7DxIlbezNmeM+oefiMR00N47syRhcI2JaEzTOFF7Keis3zUZzvMgK8wJ2cX
OwieXcpSrzLY9zPjBD37TEQkIe5UXb/Y5237BpQRHgGyZ35jLMptQuLajr6HcUac
gn5ql+CNASTjJTijeoJ3tLRKpn2HU/+4V/rb5RuGgpG/4X39I297z8sG2Gw3aEo=
=vTvA
-----END PGP SIGNATURE-----



More information about the list-openvpn-nl mailing list