wiki:SecurityAnnouncements

Context Navigation

Version 11 (modified by Samuli Seppänen, 7 years ago) (diff)
--

Introduction

This page lists all security announcements made by the OpenVPN project.

Announcements

Vulnerabilities fixed in OpenVPN 2.3.17 and 2.4.3 (June 2017)
Quarkslab and Cryptography Engineering audits (May 2017)
Linux kernel, UDP packets and MSG_PEEK (CVE-2016-10229) (April 2017)
OpenVPN and SWEET32 (Aug 2016)
Tap-windows6 buffer overflow vulnerability (May 2016)
Vulnerabilities fixed in OpenSSL 1.0.1m (Mar 2015)
Security announcement: The FREAK vulnerability (Mar 2015)
Security announcement: critical denial of service vulnerability (CVE-2014-8104) (Nov 2014)
Vulnerabilities fixed in OpenSSL 1.0.1j (Oct 2014)
Vulnerabilities fixed in OpenSSL 1.0.1i (Aug 2014)
OpenSSL CCS Injection Vulnerability (CVE-2014-0224) and OpenVPN (Jun 2014)
OpenSSL 'Heartbleed' vulnerability and OpenVPN (Apr 2014)
TLS Triple Handshake Vulnerability and OpenVPN (Mar 2013)
Security announcement: use of non-constant-time memcmp in HMAC comparison in openvpn_decrypt (CVE-2013-2061) (Mar 2013)

Download in other formats:

Plain Text