OpenVPN is a robust and easy-to-configure open-source VPN daemon that can link separate private networks together through an encrypted tunnel over the internet. For security it relies on the OpenSSL library, which handles all encryption, authentication and certification. The developers have released version 2.6.10, and the changelog for that release can be found below.
Security fixes
- CVE-2024-27459: Windows: fix a possible stack overflow in the interactive service component which might lead to a local privilege escalation.
- CVE-2024-24974: Windows: disallow access to the interactive service pipe from remote computers.
- CVE-2024-27903: Windows: disallow loading of plugins from untrusted installation paths, which could be used to attack openvpn.exe via a malicious plugin. Plugins can now only be loaded from the OpenVPN install directory, the Windows system directory, and possibly from a directory specified by HKLM\SOFTWARE\OpenVPN\plugin_dir.
Bug fixes
- Windows: if the win-dco driver is used (default) and the GUI requests use of a proxy server, the connection would fail. Disable DCO in this case. (GitHub: #522)
- Compression: minor bugfix in checking option consistency vs. compiled-in algorithm support
- systemd unit files: remove obsolete syslog.target
User visible changes
- Update copyright notices to 2024
New features
- t_client.sh can now run pre-tests and skip a test block if needed (e.g. skip NTLM proxy tests if SSL library does not support MD4)
Documentation
- Remove license warnings about mbedTLS linking (README.mbedtls)
- Update documentation references in systemd unit files
- Sample config files: remove obsolete tls-*.conf files
- Document that auth-user-pass may be inlined
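For the CVE-2024-27903 entry above, administrators may want to find existing configs whose `plugin` lines will be refused after the upgrade. The following is an added audit sketch, not OpenVPN's own code: the install path, the sample config, the handling of relative paths and the function names are assumptions, and `shlex` only approximates OpenVPN's config quoting.

```python
import ntpath
import shlex

# Assumed trusted roots; adjust per host. If HKLM\SOFTWARE\OpenVPN\plugin_dir
# is set, append its value. The install path below is an assumed default.
TRUSTED_DIRS = [r"C:\Program Files\OpenVPN", r"C:\Windows\System32"]

def _norm(path):
    # Resolve ".." and unify case and separators before comparing paths.
    return ntpath.normcase(ntpath.normpath(path))

def is_trusted(plugin_path, trusted_dirs=TRUSTED_DIRS):
    """True only for an absolute path that resolves inside a trusted directory."""
    if not ntpath.isabs(plugin_path):
        return False  # relative paths are reported for manual review
    resolved = _norm(plugin_path)
    # Trailing separator prevents "OpenVPN-old" from matching "OpenVPN".
    return any(resolved.startswith(_norm(d).rstrip("\\") + "\\") for d in trusted_dirs)

def audit_config(text, trusted_dirs=TRUSTED_DIRS):
    """Return (line_number, path) for each plugin directive outside trusted dirs."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        try:
            tokens = shlex.split(line, comments=True)  # approximates OpenVPN quoting
        except ValueError:
            continue  # unbalanced quotes: not a parsable directive
        if len(tokens) >= 2 and tokens[0] == "plugin":
            if not is_trusted(tokens[1], trusted_dirs):
                findings.append((lineno, tokens[1]))
    return findings

# Constructed sample config (backslashes doubled for config-file escaping).
SAMPLE = r'''client
plugin "C:\\Program Files\\OpenVPN\\bin\\auth.dll" arg
plugin "C:\\Users\\Public\\helper.dll"
plugin "C:\\Program Files\\OpenVPN\\..\\..\\Temp\\helper.dll"
plugin "C:\\Program Files\\OpenVPN-old\\helper.dll"
plugin helper.dll
'''

if __name__ == "__main__":
    for lineno, path in audit_config(SAMPLE):
        print(f"line {lineno}: plugin outside trusted directories: {path}")
```

Lines 3 to 6 of the sample are reported: a user-writable directory, a `..` traversal out of the install directory, a sibling directory sharing the install directory's prefix, and a relative path.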