Updating link to change in openSUSE:Factory/openvpn revision 92.0

OBS-URL: https://build.opensuse.org/package/show/network:vpn/openvpn?expand=0&rev=87d79a66380aae5a5c09e186965ae192
2021-06-11 20:30:28 +00:00 · 2021-06-11 20:30:28 +00:00 · c971ffecad
commit c971ffecad
parent f53e63e20a
1 changed files with 17 additions and 0 deletions
--- a/openvpn.changes
+++ b/openvpn.changes
@ -1,6 +1,23 @@
 -------------------------------------------------------------------
 Mon May 31 15:29:08 UTC 2021 - Dirk Müller <dmueller@suse.com>

+- update to 2.4.11 (bsc#1185279):
+  * CVE-2020-15078 see https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements
+
+  * This bug allows - under very specific circumstances - to trick a server using
+    delayed authentication (plugin or management) into returning a PUSH_REPLY
+    before the AUTH_FAILED message, which can possibly be used to gather
+    information about a VPN setup.
+  * In combination with "--auth-gen-token" or an user-specific token auth
+    solution it can be possible to get access to a VPN with an
+    otherwise-invalid account.
+  * Fix potential NULL ptr crash if compiled with DMALLOC
+- drop sysv5 init support, it hasn't build successfully in ages
+  and is build-disabled in devel project
+
+-------------------------------------------------------------------
+Mon May 31 15:29:08 UTC 2021 - Dirk Müller <dmueller@suse.com>
+
 - update to 2.4.11 (bsc#1185279):
  * CVE-2020-15078 see https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements