[OpenVPN-NL] OpenVPN-NL v2.3.5-nl1 released
Steffan Karger
steffan.karger at fox-it.com
Mon Nov 17 10:15:39 CET 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
A new version of OpenVPN-NL (2.3.5-nl1) is available on the OpenVPN-NL
site [1]. This version is based on OpenVPN 2.3.5 [2], and PolarSSL
1.2.12 [3].
This new version of OpenVPN-NL includes a new PolarSSL release, which
fixes a remotely-triggerable memory leak when parsing some X.509
certificates. When using tls-auth, this can only be achieved when the
group key ("tls-auth") has been compromised. A successful attack can
potentially cause a denial-of-service; confidentiality and
authenticity are not compromised.
This release contains some minor bugfixes in both PolarSSL and OpenVPN
[2,3].
References
- ----------
[1] https://openvpn.fox-it.com/
[2] https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23
[3] https://polarssl.org/tech-updates/releases/polarssl-1.2.12-released
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBCAAGBQJUaby3AAoJEEEwndWOY1w5kH4H/3/tkhQ0Zus3b23JRqG0fyzF
mXB49uLsMWoc08J35TU4akCPgg+fLnirW8petCKEHztcshklbfpC8TmRyr5FPrWQ
hcDTVSaDZs6Ey5KdXnVd69pcBGaGL4lwRNNL3T/pMXVjh73zkS6QCncVkwkyY/Pc
oI9x4D8UkZbK+nf3hwevcF15MYLvkcBfmsa3UfdrSujgDV8l/5zi/RW6EPAh5oLx
Seh5FubuMrk+oD2ECw075Itg5b+SYTXPO9Wkk/C++db0rBR4o6uq5YiguSONNmjo
FaB9HcnbG8sf4KduvwxH0tZV+X1DzWAnJdz/Xudn7rHUR114bJ46xYuKSO1Uqps=
=B9jG
-----END PGP SIGNATURE-----
More information about the list-openvpn-nl
mailing list