diff options
| author | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2005-10-31 05:35:08 +0000 |
|---|---|---|
| committer | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2005-10-31 05:35:08 +0000 |
| commit | 524d968b59aeea3733de8b6c714328d048141bb1 (patch) | |
| tree | deac301ae031fbe4be0504849cebfccdcfe480a4 /ChangeLog | |
| parent | 79df31c85ab06d24f9443e370160cc9c44b88b93 (diff) | |
| download | openvpn-524d968b59aeea3733de8b6c714328d048141bb1.tar.gz openvpn-524d968b59aeea3733de8b6c714328d048141bb1.tar.xz openvpn-524d968b59aeea3733de8b6c714328d048141bb1.zip | |
ChangeLog edit
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@741 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'ChangeLog')
| -rw-r--r-- | ChangeLog | 22 |
1 files changed, 14 insertions, 8 deletions
@@ -3,13 +3,13 @@ Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net> $Id$ -2005.10.xx -- Version 2.1-beta5 +2005.10.31 -- Version 2.1-beta5 -* Security fix -- Affects non-Windows OpenVPN clients of - version 2.0 or higher which connect to a malicious or - compromised server. A format string vulnerability - in the foreign_option function in options.c could - potentially allow a malicious or compromised server +* Security fix (merged from 2.0.3) -- Affects non-Windows + OpenVPN clients of version 2.0 or higher which connect to + a malicious or compromised server. A format string + vulnerability in the foreign_option function in options.c + could potentially allow a malicious or compromised server to execute arbitrary code on the client. Only non-Windows clients are affected. The vulnerability only exists if (a) the client's TLS negotiation with @@ -19,14 +19,20 @@ $Id$ and (c) the client indicates its willingness to accept pushed options from the server by having "pull" or "client" in its configuration file. -* Security fix -- Potential DoS vulnerability on the - server in TCP mode. If the TCP server accept() call +* Security fix (merged from 2.0.3) -- Potential DoS vulnerability + on the server in TCP mode. If the TCP server accept() call returns an error status, the resulting exception handler may attempt to indirect through a NULL pointer, causing a segfault. Affects all OpenVPN 2.0 versions. * Fix attempt of assertion at multi.c:1586 (note that this precise line number will vary across different versions of OpenVPN). +* Windows reliability changes: + (a) Added code to make sure that the local PATH environmental + variable points to the Windows system32 directory. + (b) Added new --ip-win32 adaptive mode which tries 'dynamic' + and then fails over to 'netsh' if the DHCP negotiation fails. + (c) Made --ip-win32 adaptive the default. * More PKCS#11 additions/changes (Alon Bar-Lev). * Added ".PHONY: plugin" to Makefile.am to work around "make dist" issue. |