87f634bb3f
- update to 2.4.11 (bsc#1185279): * CVE-2020-15078 see https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements * This bug allows - under very specific circumstances - to trick a server using delayed authentication (plugin or management) into returning a PUSH_REPLY before the AUTH_FAILED message, which can possibly be used to gather information about a VPN setup. * In combination with "--auth-gen-token" or an user-specific token auth solution it can be possible to get access to a VPN with an otherwise-invalid account. * Fix potential NULL ptr crash if compiled with DMALLOC - drop sysv5 init support, it hasn't build successfully in ages and is build-disabled in devel project OBS-URL: https://build.opensuse.org/request/show/896403 OBS-URL: https://build.opensuse.org/package/show/network:vpn/openvpn?expand=0&rev=160
17 lines
833 B
Plaintext
17 lines
833 B
Plaintext
-----BEGIN PGP SIGNATURE-----
|
|
|
|
iQIzBAABCAAdFiEE/DZ4Imbv9iQMR50nEco5yCwF7okFAmB/tIAACgkQEco5yCwF
|
|
7olP2BAA29nE8DfSzet1Lu1u/D5TdtLoMcSclZBnRP3McSzZV+HBECWEmoXCW1I3
|
|
ljtJgG1bIKGQUPDUmBzCkTG7SB2rGSp90q96ppybgsKpWV6ZjoKLPVEBcePVYBhS
|
|
sbGMBj4YgviyIG0yaemWRx5dz/7SpxqYMc8yQ9u2tI6ydicMepdPXgQIggh5FoRf
|
|
j7G8UbZeOGeqrYQyatIbhW3vehw4HrsCTx6YmhomOKHuMppf+JbjlpDmm3BVRjhO
|
|
9qRA49n5Cmh68mXJG0SpxW02bHFXgMKi+DyjFlJPdA97IN/exzGuIUoim3Jk58eM
|
|
AnhKiC2Ctb7BRc3h4JBtm3guDd1xirV56XOnRmjyoVl+vq4gl8p+XzL8NeKbfqGa
|
|
WW59zd/8uF5r7u8smIjOvlUXh8lCwPrKo/IpxXzy54jknhlGfUZdzv4Kb+MVdP1w
|
|
VM2MnBZ5ukVLR2e/DnAeHTORQYHauyVj3whpdrQqMccDbqhz2R1YOu+ndTS+XOs+
|
|
VnyNbsvBxOekT+ZqFZ70yT2+dFKu5Y9XfyfDnjBdHCd1qnF15Fe95O0SGw16eqfM
|
|
lqfz6WPxsxTfr6kOqQCfbKQVrPVu2hQuOROrJrA5Yheeqcnv6QMQm0efYfr/DwkQ
|
|
0qLNszu/Sx9ndgxXTeRZpQkfxKsubARPr0KiCo9dRBB8/sf6Iow=
|
|
=fE7o
|
|
-----END PGP SIGNATURE-----
|