diff options
Diffstat (limited to '')
-rw-r--r-- | ChangeLog | 16 |
1 files changed, 9 insertions, 7 deletions
@@ -3,9 +3,9 @@ Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net> $Id$ -2005.10.31 -- Version 2.1-beta5 +2005.11.01 -- Version 2.1-beta6 -* Security fix (merged from 2.0.3) -- Affects non-Windows +* Security fix (merged from 2.0.4) -- Affects non-Windows OpenVPN clients of version 2.0 or higher which connect to a malicious or compromised server. A format string vulnerability in the foreign_option function in options.c @@ -19,11 +19,13 @@ $Id$ and (c) the client indicates its willingness to accept pushed options from the server by having "pull" or "client" in its configuration file (Credit: Vade79). -* Security fix (merged from 2.0.3) -- Potential DoS vulnerability - on the server in TCP mode. If the TCP server accept() call - returns an error status, the resulting exception handler - may attempt to indirect through a NULL pointer, causing - a segfault. Affects all OpenVPN 2.0 versions. + CVE-2005-3393 +* Security fix -- (merged from 2.0.4) Potential DoS + vulnerability on the server in TCP mode. If the TCP + server accept() call returns an error status, the resulting + exception handler may attempt to indirect through a NULL + pointer, causing a segfault. Affects all OpenVPN 2.0 versions. + CVE-2005-3409 * Fix attempt of assertion at multi.c:1586 (note that this precise line number will vary across different versions of OpenVPN). |