aboutsummaryrefslogtreecommitdiff
path: root/ChangeLog
diff options
context:
space:
mode:
authorjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2005-10-31 03:49:25 +0000
committerjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2005-10-31 03:49:25 +0000
commit79df31c85ab06d24f9443e370160cc9c44b88b93 (patch)
treeb3f92140b9c210485c2c0caad578c844791f3bcb /ChangeLog
parentWindows reliability changes: (diff)
downloadopenvpn-79df31c85ab06d24f9443e370160cc9c44b88b93.tar.xz
svn merge -r 734:737 $SO/trunk/openvpn
Security fixes from 2.0.3 git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@740 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to '')
-rw-r--r--ChangeLog19
1 files changed, 19 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index edfc588..62307b2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,25 @@ $Id$
2005.10.xx -- Version 2.1-beta5
+* Security fix -- Affects non-Windows OpenVPN clients of
+ version 2.0 or higher which connect to a malicious or
+ compromised server. A format string vulnerability
+ in the foreign_option function in options.c could
+ potentially allow a malicious or compromised server
+ to execute arbitrary code on the client. Only
+ non-Windows clients are affected. The vulnerability
+ only exists if (a) the client's TLS negotiation with
+ the server succeeds, (b) the server is malicious or
+ has been compromised such that it is configured to
+ push a maliciously crafted options string to the client,
+ and (c) the client indicates its willingness to accept
+ pushed options from the server by having "pull" or
+ "client" in its configuration file.
+* Security fix -- Potential DoS vulnerability on the
+ server in TCP mode. If the TCP server accept() call
+ returns an error status, the resulting exception handler
+ may attempt to indirect through a NULL pointer, causing
+ a segfault. Affects all OpenVPN 2.0 versions.
* Fix attempt of assertion at multi.c:1586 (note that
this precise line number will vary across different
versions of OpenVPN).