35ef370178
This is a bugfix release containing several security fixes specific to the Windows platform. Bug fixes --------- - Windows: if the win-dco driver is used (default) and the GUI requests use of a proxy server, the connection would fail. Disable DCO in this case. - Compression: minor bugfix in checking option consistency vs. compiled-in algorithm support - systemd unit files: remove obsolete syslog.target Security fixes -------------- - CVE-2024-27459: Windows: fix a possible stack overflow in the interactive service component which might lead to a local privilege escalation. - CVE-2024-24974: Windows: disallow access to the interactive service pipe from remote computers. - CVE-2024-27903: Windows: disallow loading of plugins from untrusted installation paths, which could be used to attack openvpn.exe via a malicious plugin. For details refer to https://github.com/OpenVPN/openvpn/blob/v2.6.10/Changes.rst Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com> |
||
|---|---|---|
| .. | ||
| files | ||
| patches | ||
| Config-mbedtls.in | ||
| Config-openssl.in | ||
| Config-wolfssl.in | ||
| Makefile | ||
| test.sh | ||