Changes between Version 7 and Version 8 of SecurityAnnouncement-97597e732b


Ignore:
Timestamp:
12/02/14 03:48:11 (6 years ago)
Author:
Eric Crist
Comment:

grammar

Legend:

Unmodified
Added
Removed
Modified
  • SecurityAnnouncement-97597e732b

    v7 v8  
    11= Introduction =
    22
    3 In late November 2014 Dragana Damjanovic notified OpenVPN developers of a critical ''denial of service'' security vulnerability (CVE-2014-8104). The vulnerability allows an ''tls-authenticated client'' to crash the server by sending a too-short control channel packet to the server. In other words this vulnerability is denial of service only.
     3In late November 2014 Dragana Damjanovic notified OpenVPN developers of a critical ''denial of service'' security vulnerability (CVE-2014-8104). The vulnerability allows a ''tls-authenticated client'' to crash the server by sending a too-short control channel packet to the server. In other words this vulnerability is denial of service only.
    44
    55A fixed version of OpenVPN (2.3.6) was released 1st Dec 2014 at around 18:00 UTC. The fix was also backported to the OpenVPN 2.2 branch and released in OpenVPN 2.2.3, a source-only release.