Changes between Version 2 and Version 3 of OpenVPN2013-week-15-summary
- Timestamp:
- 04/17/13 08:22:45 (11 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
OpenVPN2013-week-15-summary
v2 v3 4 4 5 5 * There was [http://comments.gmane.org/gmane.network.openvpn.devel/7484 a discussion] on openvpn-devel about usage of the management interface on the server-side. Apparently it's not very widely used, with the exception of the Access Server. 6 * FreeBSD went into a "panic mode" over the potential side-channel exploit fixed in OpenVPN 2.3.1, flagging all OpenVPN versions <2.3.1 as vulnerable. In a nutshell, they thought the vulnerability was more serious than it really was. A [wiki:SecurityAnnouncement-f375aa67cc security announcement] was written to allow FreeBSD (and others) to gauge the real impact of the vulnerability, which is low. The original FreeBSD notice seems not to be available anymore, but the current one is [http://portaudit.freebsd.org/92f30415-9935-11e2-ad4c-080027ef73ec.html here] 6 * FreeBSD went into a "panic mode" over the potential side-channel exploit fixed in OpenVPN 2.3.1, flagging all OpenVPN versions <2.3.1 as vulnerable. In a nutshell, they thought the vulnerability was more serious than it really was. A [wiki:SecurityAnnouncement-f375aa67cc security announcement] was written to allow FreeBSD (and others) to gauge the real impact of the vulnerability, which is low. The original FreeBSD notice seems not to be available anymore, but the current one is [http://portaudit.freebsd.org/92f30415-9935-11e2-ad4c-080027ef73ec.html here]. An attempt will be made to handle future security vulnerabilities in a more coordinated fashion. 7 7 * It was agreed on IRC to restart the [wiki:IrcMeetings weekly IRC meetings]. The [wiki:Topics-2013-04-18 first meeting] was scheduled for 18th April 2013. 8 8 * The discussion about having a closed security mailing list was reopened. It will be created by OpenVPN Technologies and will include both company and community members.
