The OpenVPN community project team is proud to release OpenVPN 2.4.11.
It fixes two related security vulnerabilities (CVE-2020-15078) which
under very specific circumstances allow tricking a server using delayed
authentication (plugin or management) into returning a PUSH_REPLY before
the AUTH_FAILED message, which can possibly be used to gather
information about a VPN setup. This release also includes other bug
fixes and improvements. Updated OpenSSL and OpenVPN GUI are included in
Windows installers.
Source code and Windows installers can be downloaded from our download page:
<https://openvpn.net/community-downloads/>
Debian and Ubuntu packages are available in the official apt repositories:
<https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos>
--
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc
irc freenode net: mattock
_______________________________________________
Openvpn-announce mailing list
Openvpn-announce@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-announce
