[OpenVPN-NL] OpenVPN-NL 2.3.9-nl2 released
steffan.karger at fox-it.com
Wed May 11 16:12:40 CEST 2016
-----BEGIN PGP SIGNED MESSAGE-----
A new version of OpenVPN-NL (2.3.9-nl2) is available on the OpenVPN-NL website
. This version is based on OpenVPN 2.3.9 , and PolarSSL 1.2.19 .
This new version of OpenVPN-NL includes fixes for a number of minor security
issues in both OpenVPN  and PolarSSL [4,5,6]. If the recommended tls-auth
mechanism is used in an OpenVPN-NL configuration, an attacker must possess the
tls-auth key to mount an attack based on these issues.
One issue is not stopped by tls-auth: a denial-of-service attack could be
mounted when the --port-share option is enabled (which is disabled by default).
In upstream OpenVPN and OpenVPN-NL before 2.3.8-nl1 this issue can cause a heap
overflow, but OpenVPN-NL 2.3.8-nl1 already contains a hardening patch that
limits this to denial-of-service.
Users are advised to upgrade both OpenVPN-NL clients and servers to 2.3.9-nl2.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
More information about the list-openvpn-nl