The openvpn_plugin_abort_v1 function wasn't being properly registered on Windows.

Modified Windows and Linux versions of get_default_gateway to return the route with the smallest metric if multiple 0.0.0.0/0.0.0.0 entries are present.

Warn when multiple clients having the same common name or username usurp each other when --duplicate-cn is not used.

Moved TUN/TAP read/write log messages from --verb 8 to 6.

Fixed double fork issue that occurs when --management-hold is used.

Added ".PHONY: plugin" to Makefile.am to work around "make dist" issue.

Fix attempt of assertion at multi.c:1586 (note that this precise line number will vary across different versions of OpenVPN).

Security fix - Potential DoS vulnerability on the server in TCP mode. If the TCP server accept() call returns an error status, the resulting exception handler may attempt to indirect through a NULL pointer, causing a segfault.

A format string vulnerability in the foreign_option function in options.c could potentially allow a malicious or compromised server to execute arbitrary code on the client. The vulnerability only exists if (a) the client's TLS negotiation with the server succeeds, (b) the server is malicious or has been compromised such that it is configured to push a maliciously crafted options string to the client, and (c) the client indicates its willingness to accept pushed options from the server by having "pull" or "client" in its configuration file (Credit: Vade79).
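The class of bug behind the foreign_option entry, shown as an added example that is not OpenVPN's own code: a server-pushed string used as a printf format next to the hardened form that treats it purely as data. The function names, the environment-variable layout and the sample pushed option are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#ifdef SHOW_VULNERABLE
/* Vulnerable pattern (not compiled by default): the server-controlled
 * string is the format argument, so snprintf interprets any conversion
 * specifiers it contains. */
static int export_option_unsafe(char *out, size_t len, const char *pushed)
{
    return snprintf(out, len, pushed);
}
#endif

/* Hardened pattern: constant format string, pushed text is only data.
 * Returns the length written, or -1 on bad arguments or truncation. */
static int export_option_safe(char *out, size_t len, int idx, const char *pushed)
{
    int n;
    if (out == NULL || len == 0 || pushed == NULL)
        return -1;
    n = snprintf(out, len, "foreign_option_%d=%s", idx, pushed);
    if (n < 0 || (size_t)n >= len) {
        out[0] = '\0';              /* never export a truncated value */
        return -1;
    }
    return n;
}

/* Defender-side check: 1 if the text carries a printf directive. */
static int has_format_directive(const char *s)
{
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') { s++; continue; }   /* "%%" is a literal percent */
        return 1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample of a pushed option carrying conversion specifiers. */
    const char *pushed = "dhcp-option DOMAIN %x.%s.example";
    char env[128];
    if (has_format_directive(pushed))
        fprintf(stderr, "warning: pushed option contains format directives\n");
    if (export_option_safe(env, sizeof env, 1, pushed) > 0)
        puts(env);
    return 0;
}
```

Building with -Wformat -Wformat-security makes the compiler flag the unsafe call when SHOW_VULNERABLE is defined.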