[Openvpn-devel] OpenVPN 2.6.10 released

2024-03-20 Thread Yuriy Darnobyt
The OpenVPN community project team is proud to release OpenVPN 2.6.10. This is a bugfix release containing several security fixes for Windows and Windows TAP driver and documentation updates. Security fixes: * CVE-2024-27459: Windows: fix a possible stack overflow in the interactive service co

Re: [Openvpn-devel] [PATCH v2] Implement server_poll_timeout for socks

2024-03-20 Thread Gert Doering
Hi, On Fri, Mar 15, 2024 at 05:40:02PM +0100, Frank Lichtenheld wrote: > Code looks good and I tested build and default t_client tests. > However, not sure how exactly to verify that it actually works. > The SOCKS proxy I have doesn't exhibit any problems even with > --connect-timeout 1. > > Any

[Openvpn-devel] IRC community meeting summary

2024-03-20 Thread Johan Draaisma
Meeting summary for 20 March 2024: * *Updated: openvpn 2.6.10 release* /This release should go out today./ /It contains a number of security fixes focused on Windows./ * *OpenVPN 2.5.10 release* /According to our SupportedVersions

[Openvpn-devel] [PATCH applied] Re: interactive.c: Fix potential stack overflow issue

2024-03-20 Thread Gert Doering
Acked-by: Gert Doering Verified that this is the same conceptual patch as we have in master and release/2.6, just the lines look a bit different because the 2.5 code is different - the union has less members, and there is ring_buffer related stuff in the context that was changed for 2.6 Test com

[Openvpn-devel] [PATCH release/2.5] interactive.c: Fix potential stack overflow issue

2024-03-20 Thread Lev Stipakov
When reading a message from the pipe, we first peek the pipe to get the size of the message waiting to be read and then read the message. A compromised OpenVPN process could send an excessively large message, which would result in a stack-allocated message buffer overflow. To address this, we termin