diff options
| author | Ivan Pavlov <AuthorReflex@gmail.com> | 2024-03-22 08:47:29 +0300 |
|---|---|---|
| committer | Josef Schlehofer <pepe.schlehofer@gmail.com> | 2024-03-23 14:00:08 +0100 |
| commit | 35ef370178a42c20af4ecac000fbda0996aeb3d8 (patch) | |
| tree | 4c240d6a73fee46222c95e380e579c8500afbea9 /libs/libplist | |
| parent | a7363a33ac1d9f34bc25177ace8b32f58801de9e (diff) | |
openvpn: update to 2.6.10
This is a bugfix release containing several security fixes specific to the Windows platform.
Bug fixes
---------
- Windows: if the win-dco driver is used (default) and the GUI requests
use of a proxy server, the connection would fail. Disable DCO in
this case.
- Compression: minor bugfix in checking option consistency vs. compiled-in
algorithm support
- systemd unit files: remove obsolete syslog.target
Security fixes
--------------
- CVE-2024-27459: Windows: fix a possible stack overflow in the
interactive service component which might lead to a local privilege
escalation.
- CVE-2024-24974: Windows: disallow access to the interactive service
pipe from remote computers.
- CVE-2024-27903: Windows: disallow loading of plugins from untrusted
installation paths, which could be used to attack openvpn.exe via
a malicious plugin.
For details refer to https://github.com/OpenVPN/openvpn/blob/v2.6.10/Changes.rst
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
Diffstat (limited to 'libs/libplist')
0 files changed, 0 insertions, 0 deletions