×

Help Tweakers weer winnen!

Tweakers is dit jaar weer genomineerd voor beste nieuwssite, beste prijsvergelijker en beste community! Laten we ervoor zorgen dat heel Nederland weet dat Tweakers de beste website is. Stem op Tweakers en maak kans op mooie prijzen!

Cookies op Tweakers

Tweakers maakt gebruik van cookies, onder andere om de website te analyseren, het gebruiksgemak te vergroten en advertenties te tonen. Door gebruik te maken van deze website, of door op 'Ga verder' te klikken, geef je toestemming voor het gebruik van cookies. Wil je meer informatie over cookies en hoe ze worden gebruikt, bekijk dan ons cookiebeleid.

Meer informatie

Software-update: OpenVPN 2.4.3

Door , 0 reacties, submitter: sambalbaj, bron: OpenVPN

23-06-2017 • 14:06

0 Linkedin Google+

Submitter: sambalbaj

Bron: OpenVPN

OpenVPN is een robuuste en gemakkelijk in te stellen opensource-vpn-daemon waarmee verschillende private networks aan elkaar geknoopt kunnen worden door middel van een encrypted tunnel via internet. Voor de beveiliging wordt gebruikgemaakt van de OpenSSL-library, waarmee alle encryptie, authenticatie en certificatie afgehandeld kan worden. Voor meer informatie verwijzen we naar deze pagina en een installatiehandleiding is op deze pagina te raadplegen. De ontwikkelaars hebben versie 2.4.3 uitgebracht, met de volgende veranderingen:

OpenVPN 2.4.3

OpenVPN v2.4.2 was analyzed closely using a fuzzer by Guido Vranken. In the process several vulnerabilities were found, some of which are remotely exploitable in certain circumstances. We recommend you to upgrade to OpenVPN 2.4.3 or 2.3.17 as soon as possible. More details are available in our official security announcement.

Compared to OpenVPN 2.3 this is a major update with a large number of new features, improvements and fixes. Some of the major features are AEAD (GCM) cipher and Elliptic Curve DH key exchange support, improved IPv4/IPv6 dual stack support and more seamless connection migration when client's IP address changes (Peer-ID). Also, the new --tls-crypt feature can be used to increase users' connection privacy.

Compared to OpenVPN 2.4.2 there are several bugfixes and one major feature: support for building with OpenSSL 1.1.

A summary of the changes is available in Changes.rst, and a full list of changes is available here.

Changes in 2.4.3
  • Ignore auth-nocache for auth-user-pass if auth-token is pushed
  • crypto: Enable SHA256 fingerprint checking in --verify-hash
  • copyright: Update GPLv2 license texts
  • auth-token with auth-nocache fix broke --disable-crypto builds
  • OpenSSL: don't use direct access to the internal of X509
  • OpenSSL: don't use direct access to the internal of EVP_PKEY
  • OpenSSL: don't use direct access to the internal of RSA
  • OpenSSL: don't use direct access to the internal of DSA
  • OpenSSL: force meth->name as non-const when we free() it
  • OpenSSL: don't use direct access to the internal of EVP_MD_CTX
  • OpenSSL: don't use direct access to the internal of EVP_CIPHER_CTX
  • OpenSSL: don't use direct access to the internal of HMAC_CTX
  • Fix NCP behaviour on TLS reconnect.
  • Remove erroneous limitation on max number of args for --plugin
  • Fix edge case with clients failing to set up cipher on empty PUSH_REPLY.
  • Fix potential 1-byte overread in TCP option parsing.
  • Fix remotely-triggerable ASSERT() on malformed IPv6 packet.
  • Preparing for release v2.4.3 (ChangeLog, version.m4, Changes.rst)
  • refactor my_strupr
  • Fix 2 memory leaks in proxy authentication routine
  • Fix memory leak in add_option() for option 'connection'
  • Ensure option array p[] is always NULL-terminated
  • Fix a null-pointer dereference in establish_http_proxy_passthru()
  • Prevent two kinds of stack buffer OOB reads and a crash for invalid input data
  • Fix an unaligned access on OpenBSD/sparc64
  • Missing include for socket-flags TCP_NODELAY on OpenBSD
  • Make openvpn-plugin.h self-contained again.
  • Pass correct buffer size to GetModuleFileNameW()
  • Log the negotiated (NCP) cipher
  • Avoid a 1 byte overcopy in x509_get_subject (ssl_verify_openssl.c)
  • Skip tls-crypt unit tests if required crypto mode not supported
  • openssl: fix overflow check for long --tls-cipher option
  • Add a DSA test key/cert pair to sample-keys
  • Fix mbedtls fingerprint calculation
  • mbedtls: fix --x509-track post-authentication remote DoS (CVE-2017-7522)
  • mbedtls: require C-string compatible types for --x509-username-field
  • Fix remote-triggerable memory leaks (CVE-2017-7521)
  • Restrict --x509-alt-username extension types
  • Fix potential double-free in --x509-alt-username (CVE-2017-7521)
  • Fix gateway detection with OpenBSD routing domains
Versienummer 2.4.3
Releasestatus Final
Besturingssystemen Windows 7, Linux, BSD, macOS, Solaris, Windows Server 2008, Windows Server 2012, Windows 8, Windows 10
Website OpenVPN
Download https://openvpn.net/index.php/download/community-downloads.html
Licentietype GPL

Update-historie

Meer historie

Reacties


Er zijn nog geen reacties geplaatst

Op dit item kan niet meer gereageerd worden.


Apple iPhone X Google Pixel 2 XL LG W7 Samsung Galaxy S8 Google Pixel 2 Sony Bravia A1 OLED Microsoft Xbox One X Apple iPhone 8

© 1998 - 2017 de Persgroep Online Services B.V. Tweakers vormt samen met o.a. Autotrack en Hardware.Info de Persgroep Online Services B.V. Hosting door True

*