diff options
author | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2006-04-05 08:31:23 +0000 |
---|---|---|
committer | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2006-04-05 08:31:23 +0000 |
commit | 35fd760fc767dd688df5c137c3a947e8ddc5de7a (patch) | |
tree | 5eed9bf86ded34f1c2b4ef09beed1ad7f00e2b75 /ChangeLog | |
parent | svn merge -r 886:987 $SO/trunk/openvpn . (diff) | |
download | openvpn-35fd760fc767dd688df5c137c3a947e8ddc5de7a.tar.xz |
Version 2.1_beta12 released
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@993 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to '')
-rw-r--r-- | ChangeLog | 39 |
1 files changed, 39 insertions, 0 deletions
@@ -3,6 +3,45 @@ Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net> $Id$ +2006.04.05 -- Version 2.1-beta12 + +* Security Vulnerability -- An OpenVPN client connecting to a + malicious or compromised server could potentially receive + "setenv" configuration directives from the server which could + cause arbitrary code execution on the client via a LD_PRELOAD + attack. A successful attack appears to require that (a) the + client has agreed to allow the server to push configuration + directives to it by including "pull" or the macro "client" in + its configuration file, (b) the client configuration file uses + a scripting directive such as "up" or "down", (c) the client + succesfully authenticates the server, (d) the server is + malicious or has been compromised and is under the control of + the attacker, and (e) the attacker has at least some level of + pre-existing control over files on the client (this might be + accomplished by having the server respond to a client web request + with a specially crafted file). + + The fix is to disallow "setenv" to be pushed to clients from + the server, and to add a new directive "setenv-safe" which is + pushable from the server, but which appends "OPENVPN_" to the + name of each remotely set environmental variable. + +* "topology subnet" fix for FreeBSD (Benoit Bourdin). + +* PKCS11 fixes (Alon Bar-Lev). For full description: + svn log -r990 http://svn.openvpn.net/projects/openvpn/branches/BETA21 + +* When deleting routes under Linux, use the route metric + as a differentiator to ensure that the route teardown + process only deletes the identical route which was originally + added via the "route" directive (Roy Marples). + +* Fix the t_cltsrv.sh file in FreeBSD 4 jails + (Matthias Andree, Dirk Meyer, Vasil Dimov). + +* Extended tun device configure code to support ethernet + bridging on NetBSD (Emmanuel Kasper). + 2006.02.19 -- Version 2.1-beta11 * Fixed --port-share bug that caused premature closing |