[OpenVPN-NL] OpenVPN-NL 2.4.12-nl1 released
Max Fillinger
maximilian.fillinger at foxcrypto.com
Thu Apr 14 17:14:10 CEST 2022
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
A new version of OpenVPN-NL (2.4.12-nl1) is available on the OpenVPN-NL
website [1]. This version is based on OpenVPN 2.4.12 [2], and mbed TLS
2.16.2 [3].
This release fixes CVE-2022-0547 [4]. OpenVPN 2.4.12 now aborts when
there are multiple authentication plugins that are attempting deferred
authentication. In earlier versions of OpenVPN, this situation could
lead to a potential authentication bypass if one of the plugins accepts
the user, but another one does not.
Apart from that, it contains several bugfixes and improvements.
The Windows installer is now signed with a new key because the old one
expired. You can find the new certificate at [5].
Version 2.4.9-nl1 is now deprecated.
References
- ------------
[1] https://openvpn.fox-it.com/
[2] https://github.com/OpenVPN/openvpn/blob/v2.4.12/Changes.rst
[3]
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.2-and-2.7.11-released
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0547
[5] https://openvpn.fox-it.com/repos/fox-crypto-win-2021.pem
-----BEGIN PGP SIGNATURE-----
iQHXBAEBCABBFiEEXj3Vjj5AbsDlPfHO5IsYow7qaagFAmJYOQAjHG1heGltaWxp
YW4uZmlsbGluZ2VyQGZveGNyeXB0by5jb20ACgkQ5IsYow7qaagIbwv/UPjup8SX
ISdGdZjCy702P/jaVCeLg2k8uUdrM8RmPTqF5jptmKWVxb4sIXAwL3LnLmBw3MtN
/26Y3eEoxYLR64JfEkYqvgXerX84E2R3AB7tji8d+V0EVX694kqI/P3xXoB5UPpT
heEfZLVlJ7A9jiNJ1nyz4om3AHmOm12HfVeLUwZmekcgF6ump/abpPeCfxF3SRPC
DmaMJ9JxjRsC3YXvzbT5htizCOQBW+1AF4/+pP3P50jwDsxqG5L2aqprnuC1damP
kvE4Ko7ZOdyqFL9pwlCxvogA9zLQPSMzMWyXMyi7TDju3rWumZtb90b0t4SK8KGl
4wFa9anDLluVrxz+bfky5kCXw+lCodoQQWAoL93/oYzm2PMQOBenqsDGdMOq/wOO
S/S76pWMqde28JAfkdBz9tfokANho3bUclMhHD1dI93TGaV55BZmVVlv/zuO6e4Y
8sPed0LCxe2w4k1dYBDrCsaXAqmosxBXl5U60Jij99D6NaA9tNLibjaz
=2ajQ
-----END PGP SIGNATURE-----
More information about the list-openvpn-nl
mailing list