Version 1 (modified by 9 years ago) (diff) | ,
---|
Introduction
This page lists all security announcements made by the OpenVPN project.
Announcements
- Security announcement: use of non-constant-time memcmp in HMAC comparison in openvpn_decrypt (Mar 2013)
- TLS Triple Handshake Vulnerability and OpenVPN (Mar 2013)
- OpenSSL 'Heartbleed' vulnerability and OpenVPN (Apr 2014)
- OpenSSL CCS Injection Vulnerability (CVE-2014-0224) and OpenVPN (Jun 2014)
- Security announcement: critical denial of service vulnerability (Nov 2014)
- Vulnerabilities fixed in OpenSSL 1.0.1i
- Vulnerabilities fixed in OpenSSL 1.0.1j
- Security announcement: The FREAK vulnerability
- Vulnerabilities fixed in OpenSSL 1.0.1m