Release: OpenVPN version 2.6.10

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • uddr_
    Junior Member
    • Mar 2024
    • 2
    #1

    Release: OpenVPN version 2.6.10

    The OpenVPN community project team is proud to release OpenVPN 2.6.10. This is a bugfix release containing several security fixes for Windows and Windows TAP driver and documentation updates.

    Security fixes:
    • ​​CVE-2024-27459: Windows: fix a possible stack overflow in the interactive service component which might lead to a local privilege escalation. Reported-by: Vladimir Tokarev <​vtokarev@microsoft.com>
    • ​​CVE-2024-24974: Windows: disallow access to the interactive service pipe from remote computers. Reported-by: Vladimir Tokarev <​vtokarev@microsoft.com>
    • CVE-2024-27903: Windows: disallow loading of plugins from untrusted installation paths, which could be used to attack openvpn.exe via a malicious plugin. Plugins can now only be loaded from the OpenVPN install directory, the Windows system directory, and possibly from a directory specified by HKLM\SOFTWARE\OpenVPN\plugin_dir. Reported-by: Vladimir Tokarev <​vtokarev@microsoft.com>
    • CVE-2024-1305: Windows TAP driver: Fix potential integer overflow in TapSharedSendPacket. Reported-by: Vladimir Tokarev <​vtokarev@microsoft.com>


    New features:
    • t_client.sh can now run pre-tests and skip a test block if needed (e.g. skip NTLM proxy tests if SSL library does not support MD4)


    User visible changes:
    • Update copyright notices to 2024


    Bug fixes:
    • Windows: if the win-dco driver is used (default) and the GUI requests use of a proxy server, the connection would fail. Disable DCO in this case. (Github: ​#522)
    • Compression: minor bugfix in checking option consistency vs. compiled-in algorithm support
    • systemd unit files: remove obsolete syslog.target


    Documentation:
    • remove license warnings about mbedTLS linking (README.mbedtls)
    • update documentation references in systemd unit files
    • sample config files: remove obsolete tls-*.conf files
    • document that auth-user-pass may be inlined


    Windows MSI changes since 2.6.9:
    • For the Windows-specific security fixes see above
    • Built against OpenSSL 3.2.1
    • Included tap6-windows driver updated to 9.27.0
      • Security fix, see above
    • Included ovpn-dco-win driver updated to 1.0.1
      • Ensure we don't pass too large key size to CryptoNG. We do not consider this a security issue since the CryptoNG API handles this gracefully either way.
    • Included openvpn-gui updated to 11.48.0.0
      • Position tray tooltip above the taskbar
      • Combine title and message in tray icon tip text
      • Use a custom tooltip window for the tray icon


    Downloads

    Useful resources
    Tags: 2.6.10, release
    • Shubham47
      Junior Member
      • Mar 2024
      • 2
      #2
      Hello,

      I am unable to install OpenVPN 'OpenVPN-2.6.10-I001-amd6'

      Attaching the error popup that I get on running the installer file. - OpenVPNMSICA: get_net_adapter_guid: querying 'netCfgInstanceId' registry value failed. Error 2: Can't find the file.

      On clicking ok on this I get an installation page with an option to Install now or Customize. On selecting and proceeding with any of the options the installer runs for some time and ultimately I get the same error again.

      I have seen similar posts but do not get a solution that works for me. I do not have any antivirus installed. Please help me fix this problem.

      Thanks
      Shubham
      Attached Files

        Comment

        • Pippin
          Administrator
          • Dec 2023
          • 19
          #3
          Is it a fresh install or update?
          Uninstall any (previous) version and remove the TAP adapter (via device manager) and try again.

            Comment

            • Ranger
              Junior Member
              • Apr 2024
              • 1
              #4
              I am getting a bad signature on OpenVPN-2.6.10-I001-x86.msi. That is not good. May be a signing error or may be a hacked msi. Others are reporting problems also on the old forum.
              I'm not installing until there is some resolution or clarification. Note that OpenVPN-2.6.10-I001-amd64.msi verifies with no errors. Using gpg 2.4.5
              gpg: Signature made 03/20/24 08:17:32 Eastern Daylight Time
              gpg: using RSA key BE58F539D059B80631C1294A41D20965C2E82DC7
              gpg: BAD signature from "OpenVPN - Security Mailing List <security@openvpn.net>" [full]

              Can someone on the team check this out. Thanks

                Comment

                Previous template Next
                Working...
                😀
                😂
                🥰
                😘
                🤢
                😎
                😞
                😡
                👍
                👎