Hi, On Tue, Dec 02, 2014 at 07:24:50AM -0500, Alan McKay wrote: > So am I reading this right? This only affects a really old version of > OpenVPN? > Nothing to worry about with a modern install (2.x.y) > > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9104
This is about the web gui of OpenVPN Access Server - so, unless you
run AS, it's not relevant to you. If you do, make sure you run a recent-
enough version (note that this advisory is from July!).
Yesterday's OpenVPN advisory (CVE-2014-8104) is relevant for all server
operators that have untrusted clients - typically, commercial VPN operators
- and affects ALL versions, 2.1/2.2/2.3/git master, and OpenVPN AS.
Clients do not strictly need to upgrade, as servers can always make clients
exit by means of the OpenVPN protocol.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
pgp5RYdFzZxfQ.pgp
Description: PGP signature
------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
