Might an in-depth investigation on these issues take more time than
building an updated installer?
Indeed. I will produce new Windows installers later today. From now on
I'll produce new installers for every OpenSSL release, whether OpenVPN
is affected or not.
--
Samuli Seppänen
Community
On 06/26/2015 07:48 AM, Jan Just Keijser wrote:
On 26/06/15 13:28, Gert Doering wrote:
Hi,
On Fri, Jun 26, 2015 at 12:16:43PM +0200, David Sommerseth wrote:
* Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
This might be an issue on OpenVPN on the server side. However,
On 26/06/15 13:28, Gert Doering wrote:
Hi,
On Fri, Jun 26, 2015 at 12:16:43PM +0200, David Sommerseth wrote:
* Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
This might be an issue on OpenVPN on the server side. However,
--tls-auth will reduce the attack vector to one of your
Hi,
On Fri, Jun 26, 2015 at 12:16:43PM +0200, David Sommerseth wrote:
> * Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
> This might be an issue on OpenVPN on the server side. However,
> --tls-auth will reduce the attack vector to one of your own users.
As we're not using
On 25/06/15 17:42, Joseph S. Testa II wrote:
> On 06/25/2015 10:46 AM, Jan Just Keijser wrote:
>> Joseph S. Testa II wrote:
>>> Hi all,
>>>
>>> I was wondering if an updated Windows build is being planned for
>>> release soon to fix CVE-2015-4000, et. al, as described in
>>>
On 06/25/2015 10:46 AM, Jan Just Keijser wrote:
Joseph S. Testa II wrote:
Hi all,
I was wondering if an updated Windows build is being planned for
release soon to fix CVE-2015-4000, et. al, as described in
http://www.openssl.org/news/secadv_20150611.txt.
I haven't seen anyone talk
Joseph S. Testa II wrote:
Hi all,
I was wondering if an updated Windows build is being planned for
release soon to fix CVE-2015-4000, et. al, as described in
http://www.openssl.org/news/secadv_20150611.txt.
I haven't seen anyone talk about this on the mailing list since the
Hi all,
I was wondering if an updated Windows build is being planned for
release soon to fix CVE-2015-4000, et. al, as described in
http://www.openssl.org/news/secadv_20150611.txt.
I haven't seen anyone talk about this on the mailing list since the
advisory came out two weeks ago, so