Changes between Version 7 and Version 8 of SecurityAnnouncement-97597e732b
- Timestamp:
- 12/02/14 03:48:11 (9 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
SecurityAnnouncement-97597e732b
v7 v8 1 1 = Introduction = 2 2 3 In late November 2014 Dragana Damjanovic notified OpenVPN developers of a critical ''denial of service'' security vulnerability (CVE-2014-8104). The vulnerability allows a n''tls-authenticated client'' to crash the server by sending a too-short control channel packet to the server. In other words this vulnerability is denial of service only.3 In late November 2014 Dragana Damjanovic notified OpenVPN developers of a critical ''denial of service'' security vulnerability (CVE-2014-8104). The vulnerability allows a ''tls-authenticated client'' to crash the server by sending a too-short control channel packet to the server. In other words this vulnerability is denial of service only. 4 4 5 5 A fixed version of OpenVPN (2.3.6) was released 1st Dec 2014 at around 18:00 UTC. The fix was also backported to the OpenVPN 2.2 branch and released in OpenVPN 2.2.3, a source-only release.