webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-27 11:13:24 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
53443e304a1e361f2f236fa56ee95cb7280490cd
bpfire/lfs/openvpn
Adolf Belka 91c0e2735d openvpn: Update to version 2.5.10 
- Update from version 2.5.9 to 2.5.10
- Update of rootfile not required
- 3 CVE Fixes in this version but all are for Windows installations.
- Changelog
    2.5.10
	Security fixes
		- CVE-2024-27459: Windows: fix a possible stack overflow in the
		  interactive service component which might lead to a local privilege
		  escalation.
		  Reported-by: Vladimir Tokarev <vtokarev@microsoft.com>
		- CVE-2024-24974: Windows: disallow access to the interactive service
		  pipe from remote computers.
		  Reported-by: Vladimir Tokarev <vtokarev@microsoft.com>
		- CVE-2024-27903: Windows: disallow loading of plugins from untrusted
		  installation paths, which could be used to attack openvpn.exe via
		  a malicious plugin.  Plugins can now only be loaded from the OpenVPN
		  install directory, the Windows system directory, and possibly from
		  a directory specified by HKLM\SOFTWARE\OpenVPN\plugin_dir.
		  Reported-by: Vladimir Tokarev <vtokarev@microsoft.com>
	User visible changes
		- License amendment: all NEW commits fall under a modified license that
		  explicitly permits linking with Apache2 libraries (mbedTLS, OpenSSL) -
		  see COPYING for details.  Existing code in the release/2.5 branch
		  will not been relicensed (only in release/2.6 and later branches).

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2024-09-09 15:42:27 +00:00

4.4 KiB
Raw Blame History

View Raw
Reference in New Issue View Git Blame Copy Permalink