From 76a59eae43d2a1d08c6dae855b57625008c44cca Mon Sep 17 00:00:00 2001 From: james Date: Tue, 1 Nov 2005 21:05:04 +0000 Subject: Merged 2.0.4 changes. svn merge -r 737:749 $SO/trunk/openvpn git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@750 e7ae566f-a301-0410-adde-c780ea21d3b5 --- ChangeLog | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index b7789e5..3259f5f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,9 +3,9 @@ Copyright (C) 2002-2005 OpenVPN Solutions LLC $Id$ -2005.10.31 -- Version 2.1-beta5 +2005.11.01 -- Version 2.1-beta6 -* Security fix (merged from 2.0.3) -- Affects non-Windows +* Security fix (merged from 2.0.4) -- Affects non-Windows OpenVPN clients of version 2.0 or higher which connect to a malicious or compromised server. A format string vulnerability in the foreign_option function in options.c @@ -19,11 +19,13 @@ $Id$ and (c) the client indicates its willingness to accept pushed options from the server by having "pull" or "client" in its configuration file (Credit: Vade79). -* Security fix (merged from 2.0.3) -- Potential DoS vulnerability - on the server in TCP mode. If the TCP server accept() call - returns an error status, the resulting exception handler - may attempt to indirect through a NULL pointer, causing - a segfault. Affects all OpenVPN 2.0 versions. + CVE-2005-3393 +* Security fix -- (merged from 2.0.4) Potential DoS + vulnerability on the server in TCP mode. If the TCP + server accept() call returns an error status, the resulting + exception handler may attempt to indirect through a NULL + pointer, causing a segfault. Affects all OpenVPN 2.0 versions. + CVE-2005-3409 * Fix attempt of assertion at multi.c:1586 (note that this precise line number will vary across different versions of OpenVPN). -- cgit