[OpenVPN-NL] OpenVPN-NL v2.3.4-nl1 released
Steffan Karger
steffan.karger at fox-it.com
Mon Aug 11 16:33:53 CEST 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
A new version of OpenVPN-NL (2.3.4-nl1) is available on the OpenVPN-NL
site [1]. This version is based on OpenVPN 2.3.4, and PolarSSL 1.2.11
[2].
The new version of OpenVPN-NL includes a new PolarSSL release, which
fixes a denial-of-service vulnerability when GCM TLS-cipher suites were
used [3]. A successful attack could compromise the availability, but
would *not* compromise confidentiality. In OpenVPN-NL, this
denial-of-service attack can only be exploited when the group key
("tls-auth") has been compromised.
We strongly recommend that you upgrade to the new version of OpenVPN-NL.
Important note for plugin/script users:
This release changes the representation of the tls_serial_{n}
environment variable from hex to decimal, to match upstream OpenVPN
behaviour.
To ease transition for plugin/script users, a new env variable
tls_serial_hex_{n} is added, that exports the serial in hex
represenation (like tls_serial_{n} previously did).
References
[1] https://openvpn.fox-it.com/
[2] https://polarssl.org/tech-updates/releases
[3]
https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-02
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBCAAGBQJT6NRRAAoJEEEwndWOY1w59q8H/RjWWp63ODmHskLp/M8tNV/+
QtmJj7NeXjzCmEHTWUWpcE8XYa9+iozDo0Dc0MRUf0BaIRM2zwnT0Nj/wGbZnNFb
cL9cmc53IrnPDclMXZGNgn0q+Dn/mR37Yga32sJlv6s+Qu9/xYPgVkRxzG7OO4uY
VG6PPWPk82w95HpLgdF27ZuNZXHvgQuMkW2RXMUzkoLfXykCJrak1wXVECGll6mT
6vVf2IRLf+YMzlaE96Tz60qczg0T0q4cAwMIZTTw2flGAFUMh8LDL+Fgh5Q1+3/P
xJNrdZDkHD1hy/xwNEseyYAiHL8wqUtXZ13631ekaxnEdpsP+XKPo2VyR1WeqMI=
=Yfrw
-----END PGP SIGNATURE-----
More information about the list-openvpn-nl
mailing list