Version 11 (modified by 7 years ago) (diff) | ,
---|
Introduction
This page lists all security announcements made by the OpenVPN project.
Announcements
- Vulnerabilities fixed in OpenVPN 2.3.17 and 2.4.3 (June 2017)
- Quarkslab and Cryptography Engineering audits (May 2017)
- Linux kernel, UDP packets and MSG_PEEK (CVE-2016-10229) (April 2017)
- OpenVPN and SWEET32 (Aug 2016)
- Tap-windows6 buffer overflow vulnerability (May 2016)
- Vulnerabilities fixed in OpenSSL 1.0.1m (Mar 2015)
- Security announcement: The FREAK vulnerability (Mar 2015)
- Security announcement: critical denial of service vulnerability (CVE-2014-8104) (Nov 2014)
- Vulnerabilities fixed in OpenSSL 1.0.1j (Oct 2014)
- Vulnerabilities fixed in OpenSSL 1.0.1i (Aug 2014)
- OpenSSL CCS Injection Vulnerability (CVE-2014-0224) and OpenVPN (Jun 2014)
- OpenSSL 'Heartbleed' vulnerability and OpenVPN (Apr 2014)
- TLS Triple Handshake Vulnerability and OpenVPN (Mar 2013)
- Security announcement: use of non-constant-time memcmp in HMAC comparison in openvpn_decrypt (CVE-2013-2061) (Mar 2013)