Software update: OpenVPN 2.6.10
OpenVPN is a robust and easy-to-configure open source VPN daemon that can link multiple private networks together through an encrypted tunnel over the internet. For security it uses the OpenSSL library, which handles all encryption, authentication and certification. The developers have released version 2.6.10, and the changelog for this release can be found below.
Security fixes
- CVE-2024-27459: Windows: fix a possible stack overflow in the interactive service component which might lead to a local privilege escalation.
- CVE-2024-24974: Windows: disallow access to the interactive service pipe from remote computers.
- CVE-2024-27903: Windows: disallow loading of plugins from untrusted installation paths, which could be used to attack openvpn.exe via a malicious plugin. Plugins can now only be loaded from the OpenVPN install directory, the Windows system directory, and possibly from a directory specified by HKLM\SOFTWARE\OpenVPN\plugin_dir.

Bug fixes
- Windows: if the win-dco driver is used (default) and the GUI requests use of a proxy server, the connection would fail. Disable DCO in this case. (Github: #522)
- Compression: minor bugfix in checking option consistency vs. compiled-in algorithm support
- systemd unit files: remove obsolete syslog.target

User visible changes
- Update copyright notices to 2024

New features
- t_client.sh can now run pre-tests and skip a test block if needed (e.g. skip NTLM proxy tests if SSL library does not support MD4)

Documentation
- Remove license warnings about mbedTLS linking (README.mbedtls)
- Update documentation references in systemd unit files
- Sample config files: remove obsolete tls-*.conf files
- Document that auth-user-pass may be inlined
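
The plugin path restriction listed under CVE-2024-27903 can be checked against existing configuration files before upgrading. The following is an added example, not part of the OpenVPN release or the original article: it flags plugin directives whose path falls outside a list of trusted directories. The directory list, the sample config and its file names are constructed assumptions, and the tokenising is a simplified approximation of OpenVPN's config syntax.

```python
import ntpath
import shlex

# Assumed default locations; add the HKLM\SOFTWARE\OpenVPN\plugin_dir value if set.
TRUSTED = [r"C:\Program Files\OpenVPN", r"C:\Windows\System32"]

# Constructed sample config (file names are made up for illustration).
SAMPLE = r'''
# constructed client config
remote vpn.example.com 1194
plugin "C:\\Program Files\\OpenVPN\\bin\\auth.dll" arg
plugin "C:\\Program Files\\OpenVPN\\bin\\..\\..\\Temp\\x.dll"
plugin C:\\Users\\Public\\helper.dll
plugin "C:\\Program Files\\OpenVPN-old\\bin\\auth.dll"
plugin helper.dll
'''

def _is_within(path, directory):
    # Collapse ".." and compare case-insensitively, as Windows does.
    path = ntpath.normcase(ntpath.normpath(path))
    directory = ntpath.normcase(ntpath.normpath(directory))
    # The trailing separator stops "OpenVPN-old" matching "OpenVPN".
    return path.startswith(directory.rstrip("\\") + "\\")

def audit_plugins(config_text, trusted_dirs):
    """Return (line_no, plugin_path, verdict) for each plugin directive."""
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        try:
            tokens = shlex.split(line, comments=True, posix=True)
        except ValueError:
            findings.append((line_no, line, "unparsable"))
            continue
        if len(tokens) < 2 or tokens[0] != "plugin":
            continue
        path = tokens[1]
        if not ntpath.isabs(path):
            verdict = "relative"  # needs manual review
        elif any(_is_within(path, d) for d in trusted_dirs):
            verdict = "trusted"
        else:
            verdict = "untrusted"
        findings.append((line_no, path, verdict))
    return findings
```

Calling audit_plugins(SAMPLE, TRUSTED) returns one tuple per plugin line; entries marked untrusted or relative are the ones to review before moving to 2.6.10.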
Source:
Tweakers.net