Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
OpenVPN 2.4.3 Released
#1
https://community.openvpn.net/openvpn/wi...nOpenvpn24     OpenVPN 2.4.3

Antonio Quartulli (1):
      Ignore auth-nocache for auth-user-pass if auth-token is pushed

David Sommerseth (3):
      crypto: Enable SHA256 fingerprint checking in --verify-hash
      copyright: Update GPLv2 license texts
      auth-token with auth-nocache fix broke --disable-crypto builds

Emmanuel Deloget (8):
      OpenSSL: don't use direct access to the internal of X509
      OpenSSL: don't use direct access to the internal of EVP_PKEY
      OpenSSL: don't use direct access to the internal of RSA
      OpenSSL: don't use direct access to the internal of DSA
      OpenSSL: force meth->name as non-const when we free() it
      OpenSSL: don't use direct access to the internal of EVP_MD_CTX
      OpenSSL: don't use direct access to the internal of EVP_CIPHER_CTX
      OpenSSL: don't use direct access to the internal of HMAC_CTX

Gert Doering (6):
      Fix NCP behaviour on TLS reconnect.
      Remove erroneous limitation on max number of args for --plugin
      Fix edge case with clients failing to set up cipher on empty PUSH_REPLY.
      Fix potential 1-byte overread in TCP option parsing.
      Fix remotely-triggerable ASSERT() on malformed IPv6 packet.
      Preparing for release v2.4.3 (ChangeLog, version.m4, Changes.rst)

Guido Vranken (6):
      refactor my_strupr
      Fix 2 memory leaks in proxy authentication routine
      Fix memory leak in add_option() for option 'connection'
      Ensure option array p[] is always NULL-terminated
      Fix a null-pointer dereference in establish_http_proxy_passthru()
      Prevent two kinds of stack buffer OOB reads and a crash for invalid input data

Jérémie Courrèges-Anglas (2):
      Fix an unaligned access on OpenBSD/sparc64
      Missing include for socket-flags TCP_NODELAY on OpenBSD

Matthias Andree (1):
      Make openvpn-plugin.h self-contained again.

Selva Nair (1):
      Pass correct buffer size to GetModuleFileNameW()

Steffan Karger (11):
      Log the negotiated (NCP) cipher
      Avoid a 1 byte overcopy in x509_get_subject (ssl_verify_openssl.c)
      Skip tls-crypt unit tests if required crypto mode not supported
      openssl: fix overflow check for long --tls-cipher option
      Add a DSA test key/cert pair to sample-keys
      Fix mbedtls fingerprint calculation
      mbedtls: fix --x509-track post-authentication remote DoS (CVE-2017-7522)
      mbedtls: require C-string compatible types for --x509-username-field
      Fix remote-triggerable memory leaks (CVE-2017-7521)
      Restrict --x509-alt-username extension types
      Fix potential double-free in --x509-alt-username (CVE-2017-7521)

Steven McDonald (1):
      Fix gateway detection with OpenBSD routing domains : https://openvpn.net/index.php/open-sourc...loads.html  Downloads


OpenVPN 2.4.3 -- released on 2017.06.21 (Change Log)

OpenVPN v2.4.2 was analyzed closely using a fuzzer by Guido Vranken. In the process several vulnerabilities were found, some of which are remotely exploitable in certain circumstances. We recommend you to upgrade to OpenVPN 2.4.3 or 2.3.17 as soon as possible. More details are available in our official security announcement.

Compared to OpenVPN 2.3 this is a major update with a large number of new features, improvements and fixes. Some of the major features are AEAD (GCM) cipher and Elliptic Curve DH key exchange support, improved IPv4/IPv6 dual stack support and more seamless connection migration when client's IP address changes (Peer-ID). Also, the new --tls-crypt feature can be used to increase users' connection privacy.

Compared to OpenVPN 2.4.2 there are several bugfixes and one major feature: support for building with OpenSSL 1.1.

A summary of the changes is available in Changes.rst, and a full list of changes is available here.

OpenVPN GUI bundled with the Windows installer has a large number of new features compared to the one bundled with OpenVPN 2.3. One of major features is the ability to run OpenVPN GUI without administrator privileges. For full details, see the changelog. The new OpenVPN GUI features are documented here.

Please note that OpenVPN 2.4 installers will not work on Windows XP.

If you find a bug in this release, please file a bug report to our Trac bug tracker. In uncertain cases please contact our developers first, either using the openvpn-devel mailinglist or the developer IRC channel (#openvpn-devel at irc.freenode.net). For generic help take a look at our official documentation, wiki, forums, openvpn-users mailing list and user IRC channel (#openvpn at irc.freenode.net).

Source Tarball (gzip)
openvpn-2.4.3.tar.gz GnuPG Signature
Source Tarball (xz)
openvpn-2.4.3.tar.xz GnuPG Signature
Source Zip openvpn-2.4.3.zip GnuPG Signature
Installer, Windows Vista and later
openvpn-install-2.4.3-I601.exe GnuPG Signature   Please note that OpenVPN 2.4 installers will not work on Windows XP. : https://www.virustotal.com/en/file/36fdf.../analysis/  SHA256: 36fdfd1b6d2e6c94add59e5670f9391162d4d3866cd20b719c018fc18919f54d
File name: openvpn-install-2.4.3-I601.exe
Detection ratio: 1 / 61
Analysis date: 2017-06-22 21:15:16 UTC ( 16 minutes ago ) Baidu Win32.Trojan.WisdomEyes.16070401.9500.9939 20170622 (false positive by  Baidu Security Company From China) Signature verification  Signed file, verified signature
Signing date 1:48 PM 6/20/2017
Signers
[+] OpenVPN Technologies, Inc.
[+] DigiCert SHA2 Assured ID Code Signing CA
[+] DigiCert
Counter signers
[+] DigiCert Timestamp Responder
[+] DigiCert Assured ID CA-1
[+] DigiCert
 Packers identified
F-PROT NSIS VirusTotal metadata
First submission 2017-06-21 11:37:47 UTC ( 1 day, 9 hours ago )
Last submission 2017-06-22 21:15:16 UTC ( 16 minutes ago )
File names openvpn-install-2.4.3-I601.exe
openvpn-install-2.4.3-i601.exe
openvpn-install-2.4.3-I601.exe
openvpn-install-2.4.3-I601.exe
SamuraiVPN openvpn-install-2.4.3-I601.exe
openvpnInstall.exe
openvpn-install-2.4.3-I601.exe
openvpn-install-2.4.3-I601.exe
openvpn-install.exe
openvpn-install-2.4.3-I601.exe
openvpn-install-2.4.3-I601.exe
openvpn-install-2.4.3-I601.exe
openvpn-install-2.4.3-I601.exe: https://www.virustotal.com/en/file/25ecc.../analysis/  SHA256: 25ecc0454f588be1f1cbf29cf40ec4eeeb793cd5853b87e43d47e98f12ffeda8
File name: openvpn-2.4.3.zip
Detection ratio: 0 / 59
Analysis date: 2017-06-22 14:11:42 UTC ( 7 hours, 22 minutes ago ) VirusTotal metadata
First submission 2017-06-22 12:01:54 UTC ( 9 hours, 32 minutes ago )
Last submission 2017-06-22 12:01:54 UTC ( 9 hours, 32 minutes ago )
File names openvpn-2.4.3.zip
Reply
#2
https://community.openvpn.net/openvpn/wi...nOpenvpn24         OpenVPN 2.4.6

David Sommerseth (1):
      management: Warn if TCP port is used without password

Gert Doering (3):
      Correct version in ChangeLog - should be 2.4.5, was mistyped as 2.4.4
      Fix potential double-free() in Interactive Service (CVE-2018-9336)
      preparing release v2.4.6 (ChangeLog, version.m4, Changes.rst)

Gert van Dijk (1):
      manpage: improve description of --status and --status-version

Joost Rijneveld (1):
      Make return code external tls key match docs

Selva Nair (3):
      Delete the IPv6 route to the "connected" network on tun close
      Management: warn about password only when the option is in use
      Avoid overflow in wakeup time computation

Simon Matter (1):
      Add missing #ifdef SSL_OP_NO_TLSv1_1/2

Steffan Karger (1):
      Check for more data in control channel
https://openvpn.net/index.php/open-sourc...loads.html          Downloads

OpenVPN 2.4.6 -- released on 2018.04.24 (Change Log)

This is primarily a maintenance release with minor bugfixes and improvements, and one security relevant fix for the Windows Interactive Service. Windows installer includes updated OpenVPN GUI and OpenSSL. The bundled tap-windows6 driver includes one security fix. Note that the driver no longer works on Windows Vista due to incompatible Authenticode signature.

Please note that LibreSSL is not a supported crypto backend. We accept patches and we do test on OpenBSD 6.0 which comes with LibreSSL, but if newer versions of LibreSSL break API compatibility we do not take responsibility to fix that.

Also note that Windows installers have been built with NSIS version that has been patched against several NSIS installer code execution and privilege escalation problems. Based on our testing, though, older Windows versions such as Windows 7 might not benefit from these fixes. We thus strongly encourage you to always move NSIS installers to a non-user-writeable location before running them. Our long-term plan is to migrate to using MSI installers instead.

Compared to OpenVPN 2.3 this is a major update with a large number of new features, improvements and fixes. Some of the major features are AEAD (GCM) cipher and Elliptic Curve DH key exchange support, improved IPv4/IPv6 dual stack support and more seamless connection migration when client's IP address changes (Peer-ID). Also, the new --tls-crypt feature can be used to increase users' connection privacy.

A summary of the changes is available in Changes.rst, and a full list of changes is available here.

OpenVPN GUI bundled with the Windows installer has a large number of new features compared to the one bundled with OpenVPN 2.3. One of major features is the ability to run OpenVPN GUI without administrator privileges. For full details, see the changelog. The new OpenVPN GUI features are documented here.

Please note that OpenVPN 2.4 installers will not work on Windows XP.

If you find a bug in this release, please file a bug report to our Trac bug tracker. In uncertain cases please contact our developers first, either using the openvpn-devel mailinglist or the developer IRC channel (#openvpn-devel at irc.freenode.net). For generic help take a look at our official documentation, wiki, forums, openvpn-users mailing list and user IRC channel (#openvpn at irc.freenode.net).
Source Tarball (gzip)
    openvpn-2.4.6.tar.gz     GnuPG Signature
Source Tarball (xz)
    openvpn-2.4.6.tar.xz     GnuPG Signature
Source Zip     openvpn-2.4.6.zip     GnuPG Signature
Installer, Windows Vista and later
    openvpn-install-2.4.6-I601.exe     GnuPG Signature
100% Scanned Safe &  Malware Free & Clean With Kaspersky Total Security
Kaspersky File Advisor  Trusted ( Kaspersky Security Network) Digital Signature:( OpenVPN Technologies, Inc.)
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  OpenVPN 2.5.4 Freeware (New) Released mrtrout 0 501 10-06-2021 , 05:10 AM
Last Post: mrtrout

Forum Jump:


Users browsing this thread: 1 Guest(s)