openvpn

pool/openvpn

SHA256

Fork 1

Commit Graph

Author	SHA256	Message	Date
Reinhard Max	87f634bb3f	Accepting request 896403 from home:dirkmueller:Factory - update to 2.4.11 (bsc#1185279): * CVE-2020-15078 see https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements * This bug allows - under very specific circumstances - to trick a server using delayed authentication (plugin or management) into returning a PUSH_REPLY before the AUTH_FAILED message, which can possibly be used to gather information about a VPN setup. * In combination with "--auth-gen-token" or an user-specific token auth solution it can be possible to get access to a VPN with an otherwise-invalid account. * Fix potential NULL ptr crash if compiled with DMALLOC - drop sysv5 init support, it hasn't build successfully in ages and is build-disabled in devel project OBS-URL: https://build.opensuse.org/request/show/896403 OBS-URL: https://build.opensuse.org/package/show/network:vpn/openvpn?expand=0&rev=160	2021-06-07 11:01:52 +00:00

Author

SHA256

Message

Date

Reinhard Max

87f634bb3f

Accepting request 896403 from home:dirkmueller:Factory

- update to 2.4.11 (bsc#1185279):
  * CVE-2020-15078 see https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements
  * This bug allows - under very specific circumstances - to trick a server using
    delayed authentication (plugin or management) into returning a PUSH_REPLY
    before the AUTH_FAILED message, which can possibly be used to gather
    information about a VPN setup.
  * In combination with "--auth-gen-token" or an user-specific token auth
    solution it can be possible to get access to a VPN with an
    otherwise-invalid account.
  * Fix potential NULL ptr crash if compiled with DMALLOC
- drop sysv5 init support, it hasn't build successfully in ages
  and is build-disabled in devel project

OBS-URL: https://build.opensuse.org/request/show/896403
OBS-URL: https://build.opensuse.org/package/show/network:vpn/openvpn?expand=0&rev=160

2021-06-07 11:01:52 +00:00

1 Commits