Release: OpenVPN version 2.6.10

Collapse
This is a sticky topic.
X
X
 
  • Time
  • Show
Clear All
new posts
  • uddr_
    Junior Member
    • Mar 2024
    • 1

    Release: OpenVPN version 2.6.10

    The OpenVPN community project team is proud to release OpenVPN 2.6.10. This is a bugfix release containing several security fixes for Windows and Windows TAP driver and documentation updates.

    Security fixes:
    • ​​CVE-2024-27459: Windows: fix a possible stack overflow in the interactive service component which might lead to a local privilege escalation. Reported-by: Vladimir Tokarev <​vtokarev@microsoft.com>
    • ​​CVE-2024-24974: Windows: disallow access to the interactive service pipe from remote computers. Reported-by: Vladimir Tokarev <​vtokarev@microsoft.com>
    • CVE-2024-27903: Windows: disallow loading of plugins from untrusted installation paths, which could be used to attack openvpn.exe via a malicious plugin. Plugins can now only be loaded from the OpenVPN install directory, the Windows system directory, and possibly from a directory specified by HKLM\SOFTWARE\OpenVPN\plugin_dir. Reported-by: Vladimir Tokarev <​vtokarev@microsoft.com>
    • CVE-2024-1305: Windows TAP driver: Fix potential integer overflow in TapSharedSendPacket. Reported-by: Vladimir Tokarev <​vtokarev@microsoft.com>


    New features:
    • t_client.sh can now run pre-tests and skip a test block if needed (e.g. skip NTLM proxy tests if SSL library does not support MD4)


    User visible changes:
    • Update copyright notices to 2024


    Bug fixes:
    • Windows: if the win-dco driver is used (default) and the GUI requests use of a proxy server, the connection would fail. Disable DCO in this case. (Github: ​#522)
    • Compression: minor bugfix in checking option consistency vs. compiled-in algorithm support
    • systemd unit files: remove obsolete syslog.target


    Documentation:
    • remove license warnings about mbedTLS linking (README.mbedtls)
    • update documentation references in systemd unit files
    • sample config files: remove obsolete tls-*.conf files
    • document that auth-user-pass may be inlined


    Windows MSI changes since 2.6.9:
    • For the Windows-specific security fixes see above
    • Built against OpenSSL 3.2.1
    • Included tap6-windows driver updated to 9.27.0
      • Security fix, see above
    • Included ovpn-dco-win driver updated to 1.0.1
      • Ensure we don't pass too large key size to CryptoNG. We do not consider this a security issue since the CryptoNG API handles this gracefully either way.
    • Included openvpn-gui updated to 11.48.0.0
      • Position tray tooltip above the taskbar
      • Combine title and message in tray icon tip text
      • Use a custom tooltip window for the tray icon


    Downloads

    Useful resources
  • Shubham47
    Junior Member
    • Mar 2024
    • 2

    #2
    Hello,

    I am unable to install OpenVPN 'OpenVPN-2.6.10-I001-amd6'

    Attaching the error popup that I get on running the installer file. - OpenVPNMSICA: get_net_adapter_guid: querying 'netCfgInstanceId' registry value failed. Error 2: Can't find the file.

    On clicking ok on this I get an installation page with an option to Install now or Customize. On selecting and proceeding with any of the options the installer runs for some time and ultimately I get the same error again.

    I have seen similar posts but do not get a solution that works for me. I do not have any antivirus installed. Please help me fix this problem.

    Thanks
    Shubham
    Attached Files

    Comment

    • Pippin
      Administrator
      • Dec 2023
      • 16

      #3
      Is it a fresh install or update?
      Uninstall any (previous) version and remove the TAP adapter (via device manager) and try again.

      Comment

      • Ranger
        Junior Member
        • Apr 2024
        • 1

        #4
        I am getting a bad signature on OpenVPN-2.6.10-I001-x86.msi. That is not good. May be a signing error or may be a hacked msi. Others are reporting problems also on the old forum.
        I'm not installing until there is some resolution or clarification. Note that OpenVPN-2.6.10-I001-amd64.msi verifies with no errors. Using gpg 2.4.5
        gpg: Signature made 03/20/24 08:17:32 Eastern Daylight Time
        gpg: using RSA key BE58F539D059B80631C1294A41D20965C2E82DC7
        gpg: BAD signature from "OpenVPN - Security Mailing List <security@openvpn.net>" [full]

        Can someone on the team check this out. Thanks

        Comment

        Working...
        😀
        😂
        🥰
        😘
        🤢
        😎
        😞
        😡
        👍
        👎