[OpenVPN-NL] OpenVPN-NL 2.4.6-nl2 released
steffan.karger at fox-it.com
Fri Jun 1 14:57:20 CEST 2018
-----BEGIN PGP SIGNED MESSAGE-----
A new version of OpenVPN-NL (2.4.6-nl2) is available on the OpenVPN-NL
website . This version is based on OpenVPN 2.4.6 , and mbed TLS
This release resolves several security issues:
1) CVE-2018-9336: fix potential double-free() in the Windows Interactive
A local attacker could send malformed input data on the service pipe
towards the OpenVPN interactive service, which can result in a double
free() in the error handling code. This usually only leads to a process
crash (DoS by an unprivileged local account) but it could lead to
memory corruption and potentially privilege escalation if happening
while multiple other threads are active at the same time.
This only affects users that run the interactive service on Windows.
2) Out-of-bounds read in the tap-windows driver
This allows a local attacker that is able to send invalid ICMPv6 packets
from the local machine to the local tap-windows adapter to crash the
local machine (BSOD). The overread data is not leaked to the attacker
3) Several bugfixes in mbed TLS
mbed TLS 2.8 fixed a number of denial-of-service bugs . mbed TLS 2.9
fixed a number of parsing bugs, which have no or very limited impact on
OpenVPN-NL, because most of the affected components are disabled, and
the strict set of allowed ciphers prevents selecting an insecure cipher.
Furthermore, the usage of tls-auth or tls-crypt prevents an attacker
without the tls-auth/tls-crypt key from executing an attack.
This release uses a new (Extended Validation) Windows Code signing
certificate for the tap-windows driver files. The sha1 fingerprint of
this new certificate is:
The preexisting certificate is still used for non-kernel mode signing,
such as the installers and openvpn(serv).exe binaries.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
More information about the list-openvpn-nl