packages/net/openvpn/patches
Ivan Pavlov 04d25b2bc1 openvpn: update to 2.6.11
This is a bugfix release containing several security fixes.

Security fixes
--------------
 - CVE-2024-4877: Windows: harden interactive service pipe.
   Security scope: a malicious process with "some" elevated privileges
   could open the pipe a second time, tricking openvpn GUI
   into providing user credentials (tokens), getting full access
   to the account openvpn-gui.exe runs as.

 - CVE-2024-5594: control channel: refuse control channel messages
   with nonprintable characters in them.
   Security scope: a malicious openvpn peer can send garbage to openvpn log,
   or cause high CPU load.

 - CVE-2024-28882: only call schedule_exit() once (on a given peer).
   Security scope: an authenticated client can make the server "keep the session"
   even when the server has been told to disconnect this client.

Bug fixes
---------
 - fix connect timeout when using SOCKS proxies

 - work around LibreSSL crashing on OpenBSD 7.5 when enumerating ciphers

 - Add bracket in fingerprint message and do not warn about missing verification

For details refer to https://github.com/OpenVPN/openvpn/blob/v2.6.11/Changes.rst

Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
2024-06-21 15:28:10 -07:00
100-mbedtls-disable-runtime-version-check.patch openvpn: update to 2.6.11 2024-06-21 15:28:10 -07:00
101-Fix-EVP_PKEY_CTX_-compilation-with-wolfSSL.patch openvpn: update to 2.6.11 2024-06-21 15:28:10 -07:00
102-Disable-external-ec-key-support-when-building-with-wolfSSL.patch openvpn: update to 2.6.8 2023-11-19 12:24:11 -08:00
103-define-LN_serialNumber-for-wolfSSL.patch openvpn: update to 2.6.8 2023-11-19 12:24:11 -08:00