$Id$
-2005.10.xx -- Version 2.1-beta5
+2005.10.31 -- Version 2.1-beta5
-* Security fix -- Affects non-Windows OpenVPN clients of
- version 2.0 or higher which connect to a malicious or
- compromised server. A format string vulnerability
- in the foreign_option function in options.c could
- potentially allow a malicious or compromised server
+* Security fix (merged from 2.0.3) -- Affects non-Windows
+ OpenVPN clients of version 2.0 or higher which connect to
+ a malicious or compromised server. A format string
+ vulnerability in the foreign_option function in options.c
+ could potentially allow a malicious or compromised server
to execute arbitrary code on the client. Only
non-Windows clients are affected. The vulnerability
only exists if (a) the client's TLS negotiation with
and (c) the client indicates its willingness to accept
pushed options from the server by having "pull" or
"client" in its configuration file.
-* Security fix -- Potential DoS vulnerability on the
- server in TCP mode. If the TCP server accept() call
+* Security fix (merged from 2.0.3) -- Potential DoS vulnerability
+ on the server in TCP mode. If the TCP server accept() call
returns an error status, the resulting exception handler
may attempt to indirect through a NULL pointer, causing
a segfault. Affects all OpenVPN 2.0 versions.
* Fix attempt of assertion at multi.c:1586 (note that
this precise line number will vary across different
versions of OpenVPN).
+* Windows reliability changes:
+ (a) Added code to make sure that the local PATH environmental
+ variable points to the Windows system32 directory.
+ (b) Added new --ip-win32 adaptive mode which tries 'dynamic'
+ and then fails over to 'netsh' if the DHCP negotiation fails.
+ (c) Made --ip-win32 adaptive the default.
* More PKCS#11 additions/changes (Alon Bar-Lev).
* Added ".PHONY: plugin" to Makefile.am to work around
"make dist" issue.
projects / thirdparty / openvpn.git / commitdiff
