Release: OpenVPN version 2.6.11

flichtenheld

Junior Member

Join Date: Feb 2024

Posts: 1
Share

Tweet
#1

Release: OpenVPN version 2.6.11

2024-06-21, 05:10 AM

The OpenVPN community project team is proud to release OpenVPN 2.6.11. This is a bugfix release containing several security fixes.

For details see Changes.rst

Security fixes:
CVE-2024-4877: Windows: harden interactive service pipe. Security scope: a malicious process with "some" elevated privileges (SeImpersonatePrivilege) could open the pipe a second time, tricking openvn GUI into providing user credentials (tokens), getting full access to the account openvpn-gui.exe runs as. (Zeze with TeamT5)

CVE-2024-5594: control channel: refuse control channel messages with nonprintable characters in them. Security scope: a malicious openvpn peer can send garbage to openvpn log, or cause high CPU load. (Reynir Björnsson)

CVE-2024-28882: only call schedule_exit() once (on a given peer). Security scope: an authenticated client can make the server "keep the session" even when the server has been told to disconnect his client (Reynir Björnsson)

New features:
Windows Crypto-API: Implement Windows CA template match for searching certificates in windows crypto store.

Support pre-created DCO interface on FreeBSD (OpenVPN would fail to set ifmode p2p/subnet otherwise)

Bug fixes:
Fix connect timeout when using SOCKS proxies (trac #328, github #267)

Work around LibreSSL crashing on OpenBSD 7.5 when enumerating ciphers (LibreSSL bug, already fixed upstream, but not backported to OpenBSD 7.5, see also LibreSSL/OpenBSD#150)

Add bracket in fingerprint message and do not warn about missing verification (github #516)

Documentation:
Remove "experimental" denotation for --fast-io

Correctly document ifconfig_* variables passed to scripts

Documentation: make section levels consistent

Samples: Update sample configurations (remove compression & old cipher settings, add more informative comments)

Windows MSI changes since 2.6.10:
For the Windows-specific security fixes see above

Built against OpenSSL 3.3.1

Included openvpn-gui updated to 11.49.0.0
Contains part of the fix for CVE-2024-4877

Downloads
Windows installers

Official OpenVPN Linux package repositories

Source archive file

Useful resources
Documentation

Community wiki

Report issues

User mailing list

Easy RSA 3 HOWTO

User IRC channel: openvpn at irc.libera.chat
Tags: 2.6.11, release