Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 39 |
1 files changed, 39 insertions, 0 deletions
@@ -3,6 +3,45 @@ Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net> $Id$ +2006.04.05 -- Version 2.1-beta12 + +* Security Vulnerability -- An OpenVPN client connecting to a + malicious or compromised server could potentially receive + "setenv" configuration directives from the server which could + cause arbitrary code execution on the client via a LD_PRELOAD + attack. A successful attack appears to require that (a) the + client has agreed to allow the server to push configuration + directives to it by including "pull" or the macro "client" in + its configuration file, (b) the client configuration file uses + a scripting directive such as "up" or "down", (c) the client + succesfully authenticates the server, (d) the server is + malicious or has been compromised and is under the control of + the attacker, and (e) the attacker has at least some level of + pre-existing control over files on the client (this might be + accomplished by having the server respond to a client web request + with a specially crafted file). + + The fix is to disallow "setenv" to be pushed to clients from + the server, and to add a new directive "setenv-safe" which is + pushable from the server, but which appends "OPENVPN_" to the + name of each remotely set environmental variable. + +* "topology subnet" fix for FreeBSD (Benoit Bourdin). + +* PKCS11 fixes (Alon Bar-Lev). For full description: + svn log -r990 http://svn.openvpn.net/projects/openvpn/branches/BETA21 + +* When deleting routes under Linux, use the route metric + as a differentiator to ensure that the route teardown + process only deletes the identical route which was originally + added via the "route" directive (Roy Marples). + +* Fix the t_cltsrv.sh file in FreeBSD 4 jails + (Matthias Andree, Dirk Meyer, Vasil Dimov). + +* Extended tun device configure code to support ethernet + bridging on NetBSD (Emmanuel Kasper). + 2006.02.19 -- Version 2.1-beta11 * Fixed --port-share bug that caused premature closing |
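Review bot: In the fix paragraph of the security entry, 'appends "OPENVPN_" to the name' reads as a suffix, while the string looks like a namespace prefix. Say "prepends", or show the resulting variable name form, so that readers know what name their "up"/"down" scripts will see. In condition (c), "succesfully" should be "successfully". Since pushed "setenv" is now disallowed, the entry should also say in one sentence that servers currently pushing "setenv" need to switch to "setenv-safe", and that client scripts must read the renamed variables.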