diff options
| author | David Sommerseth | 2017-09-25 23:42:48 +0200 |
|---|---|---|
| committer | David Sommerseth | 2017-09-25 23:42:48 +0200 |
| commit | 9779cef26e296bb7c94e336c0a1ea1f4da3276d9 (patch) | |
| tree | cf1afd64cdf98efe99b0af4ddc0080f07828e801 | |
| parent | fce34375295151f548a26c2d0eb30141e427c81a (diff) | |
| download | openvpn-2.3.18.zip openvpn-2.3.18.tar.gz | |
Preparing OpenVPN 2.3.18 releasev2.3.18
Signed-off-by: David Sommerseth <davids@openvpn.net>
| -rw-r--r-- | ChangeLog | 12 | ||||
| -rw-r--r-- | Changes.rst | 14 | ||||
| -rw-r--r-- | version.m4 | 4 |
3 files changed, 28 insertions, 2 deletions
@@ -1,6 +1,18 @@ OpenVPN Change Log Copyright (C) 2002-2017 OpenVPN Technologies, Inc. <sales@openvpn.net> +2017.09.25 -- Version 2.3.18 +Antonio Quartulli (1): + crypto: correct typ0 in error message + +Steffan Karger (2): + Deprecate --ns-cert-type + Fix bounds check in read_key() + +Szilárd Pfeiffer (1): + OpenSSL: Always set SSL_OP_CIPHER_SERVER_PREFERENCE flag + + 2017.06.21 -- Version 2.3.17 David Sommerseth (2): diff --git a/Changes.rst b/Changes.rst index 3d164b9..5755314 100644 --- a/Changes.rst +++ b/Changes.rst @@ -116,6 +116,20 @@ Deprecated features extension instead. Make sure your certificates carry these to be able to use ``--remote-cert-tls``. +Behavioural changes +------------------- +- OpenVPN built against OpenSSL will now prefer the TLS cipher used by the + server for the control channel cipher. + +Security +-------- +- CVE-2017-12166: Fix bounds check for configurations using ``--key-method 1`` + Before this fix, it could allow an attacker to send a malformed packet to + trigger a stack overflow. This is considered to be a low risk issue, as + ``--key-method 2`` has been the default since OpenVPN 2.0 (released on + 2005-04-17). This option is already deprecated in v2.4 and will be + completely removed in v2.5. + Version 2.3.17 ============== @@ -1,9 +1,9 @@ dnl define the OpenVPN version define([PRODUCT_NAME], [OpenVPN]) define([PRODUCT_TARNAME], [openvpn]) -define([PRODUCT_VERSION], [2.3.17]) +define([PRODUCT_VERSION], [2.3.18]) define([PRODUCT_BUGREPORT], [openvpn-users@lists.sourceforge.net]) -define([PRODUCT_VERSION_RESOURCE], [2,3,17,0]) +define([PRODUCT_VERSION_RESOURCE], [2,3,18,0]) dnl define the TAP version define([PRODUCT_TAP_WIN_COMPONENT_ID], [tap0901]) define([PRODUCT_TAP_WIN_MIN_MAJOR], [9]) |