forked from pool/openvpn
Updating link to change in openSUSE:Factory/openvpn revision 92.0
OBS-URL: https://build.opensuse.org/package/show/network:vpn/openvpn?expand=0&rev=87d79a66380aae5a5c09e186965ae192
This commit is contained in:
OBS User buildservice-autocommit
Git OBS Bridge
parent
f53e63e20a
commit
c971ffecad
@ -1,6 +1,23 @@
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon May 31 15:29:08 UTC 2021 - Dirk Müller <dmueller@suse.com>
|
Mon May 31 15:29:08 UTC 2021 - Dirk Müller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- update to 2.4.11 (bsc#1185279):
|
||||||
|
* CVE-2020-15078 see https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements
|
||||||
|
|
||||||
|
* This bug allows - under very specific circumstances - to trick a server using
|
||||||
|
delayed authentication (plugin or management) into returning a PUSH_REPLY
|
||||||
|
before the AUTH_FAILED message, which can possibly be used to gather
|
||||||
|
information about a VPN setup.
|
||||||
|
* In combination with "--auth-gen-token" or an user-specific token auth
|
||||||
|
solution it can be possible to get access to a VPN with an
|
||||||
|
otherwise-invalid account.
|
||||||
|
* Fix potential NULL ptr crash if compiled with DMALLOC
|
||||||
|
- drop sysv5 init support, it hasn't build successfully in ages
|
||||||
|
and is build-disabled in devel project
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon May 31 15:29:08 UTC 2021 - Dirk Müller <dmueller@suse.com>
|
||||||
|
|
||||||
- update to 2.4.11 (bsc#1185279):
|
- update to 2.4.11 (bsc#1185279):
|
||||||
* CVE-2020-15078 see https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements
|
* CVE-2020-15078 see https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user