diff options
Diffstat (limited to 'Changes.rst')
-rw-r--r-- | Changes.rst | 143 |
1 files changed, 141 insertions, 2 deletions
diff --git a/Changes.rst b/Changes.rst index 7ffd89e..454dde4 100644 --- a/Changes.rst +++ b/Changes.rst @@ -1,5 +1,5 @@ -Version 2.4.0 -============= +Overview of changes in 2.4 +========================== New features @@ -177,6 +177,7 @@ Deprecated features - ``--no-iv`` is deprecated in 2.4 and will be removed in 2.5. + User-visible Changes -------------------- - When using ciphers with cipher blocks less than 128-bits, @@ -302,3 +303,141 @@ Maintainer-visible changes header combinations. In most of these situations it is recommended to use -std=gnu99 in CFLAGS. This is known to be needed when doing i386/i686 builds on RHEL5. + + + +Version 2.4.3 +============= + +New features +------------ +- Support building with OpenSSL 1.1 now (in addition to older versions) + +- On Win10, set low interface metric for TAP adapter when block-outside-dns + is in use, to make Windows prefer the TAP adapter for DNS queries + (avoiding large delays) + + +Security +-------- +- CVE-2017-7522: Fix ``--x509-track`` post-authentication remote DoS + A client could crash a 2.4+ mbedtls server, if that server uses the + ``--x509-track`` option and the client has a correct, signed and unrevoked + certificate that contains an embedded NUL in the certificate subject. + Discovered and reported to the OpenVPN security team by Guido Vranken. + +- CVE-2017-7521: Fix post-authentication remote-triggerable memory leaks + A client could cause a server to leak a few bytes each time it connects to the + server. That can eventuall cause the server to run out of memory, and thereby + causing the server process to terminate. Discovered and reported to the + OpenVPN security team by Guido Vranken. (OpenSSL builds only.) + +- CVE-2017-7521: Fix a potential post-authentication remote code execution + attack on servers that use the ``--x509-username-field`` option with an X.509 + extension field (option argument prefixed with ``ext:``). A client that can + cause a server to run out-of-memory (see above) might be able to cause the + server to double free, which in turn might lead to remote code execution. + Discovered and reported to the OpenVPN security team by Guido Vranken. + (OpenSSL builds only.) + +- CVE-2017-7520: Pre-authentication remote crash/information disclosure for + clients. If clients use a HTTP proxy with NTLM authentication (i.e. + ``--http-proxy <server> <port> [<authfile>|'auto'|'auto-nct'] ntlm2``), + a man-in-the-middle attacker between the client and the proxy can cause + the client to crash or disclose at most 96 bytes of stack memory. The + disclosed stack memory is likely to contain the proxy password. If the + proxy password is not reused, this is unlikely to compromise the security + of the OpenVPN tunnel itself. Clients who do not use the ``--http-proxy`` + option with ntlm2 authentication are not affected. + +- CVE-2017-7508: Fix remotely-triggerable ASSERT() on malformed IPv6 packet. + This can be used to remotely shutdown an openvpn server or client, if + IPv6 and ``--mssfix`` are enabled and the IPv6 networks used inside the VPN + are known. + +- Fix null-pointer dereference when talking to a malicious http proxy + that returns a malformed Proxy-Authenticate: headers for digest auth. + +- Fix overflow check for long ``--tls-cipher`` option + +- Windows: Pass correct buffer size to ``GetModuleFileNameW()`` + (OSTIF/Quarkslabs audit, finding 5.6) + + +User-visible Changes +-------------------- +- ``--verify-hash`` can now take an optional flag which changes the hashing + algorithm. It can be either SHA1 or SHA256. The default if not provided is + SHA1 to preserve backwards compatibility with existing configurations. + +- Restrict the supported ``--x509-username-field`` extension fields to subjectAltName + and issuerAltName. Other extensions probably didn't work anyway, and would + cause OpenVPN to crash when a client connects. + + +Bugfixes +-------- +- Fix fingerprint calculation in mbed TLS builds. This means that mbed TLS users + of OpenVPN 2.4.0, 2.4.1 and 2.4.2 that rely on the values of the + ``tls_digest_*`` env vars, or that use ``--verify-hash`` will have to change + the fingerprint values they check against. The security impact of the + incorrect calculation is very minimal; the last few bytes (max 4, typically + 4) are not verified by the fingerprint. We expect no real-world impact, + because users that used this feature before will notice that it has suddenly + stopped working, and users that didn't will notice that connection setup + fails if they specify correct fingerprints. + +- Fix edge case with NCP when the server sends an empty PUSH_REPLY message + back, and the client would not initialize it's data channel crypto layer + properly (trac #903) + +- Fix SIGSEGV on unaligned buffer access on OpenBSD/Sparc64 + +- Fix TCP_NODELAY on OpenBSD + +- Remove erroneous limitation on max number of args for --plugin + +- Fix NCP behaviour on TLS reconnect (Server would not send a proper + "cipher ..." message back to the client, leading to client and server + using different ciphers) (trac #887) + + +Version 2.4.2 +============= + +Bugfixes +-------- +- Fix memory leak introduced in 2.4.1: if --remote-cert-tls is used, we leaked + some memory on each TLS (re)negotiation. + +Security +-------- +- Fix a pre-authentication denial-of-service attack on both clients and servers. + By sending a too-large control packet, OpenVPN 2.4.0 or 2.4.1 can be forced + to hit an ASSERT() and stop the process. If ``--tls-auth`` or ``--tls-crypt`` + is used, only attackers that have the ``--tls-auth`` or ``--tls-crypt`` key + can mount an attack. (OSTIF/Quarkslab audit finding 5.1, CVE-2017-7478) + +- Fix an authenticated remote DoS vulnerability that could be triggered by + causing a packet id roll over. An attack is rather inefficient; a peer + would need to get us to send at least about 196 GB of data. + (OSTIF/Quarkslab audit finding 5.2, CVE-2017-7479) + + +Version 2.4.1 +============= +- ``--remote-cert-ku`` now only requires the certificate to have at least the + bits set of one of the values in the supplied list, instead of requiring an + exact match to one of the values in the list. + +- ``--remote-cert-tls`` now only requires that a keyUsage is present in the + certificate, and leaves the verification of the value up to the crypto + library, which has more information (i.e. the key exchange method in use) + to verify that the keyUsage is correct. + +- ``--ns-cert-type`` is deprecated. Use ``--remote-cert-tls`` instead. + The nsCertType x509 extension is very old, and barely used. + ``--remote-cert-tls`` uses the far more common keyUsage and extendedKeyUsage + extension instead. Make sure your certificates carry these to be able to + use ``--remote-cert-tls``. + |