Software Update: OpenVPN 2.4.2

OpenVPN is a robust and easy to set up open source VPN daemon that allows several private networks to be linked together through an encrypted tunnel over the internet. The OpenSSL library is used for security, with which all encryption, authentication and certification can be handled. For more information, please refer to this page and an installation guide is on this page to consult. The developers have released version 2.4.2 with the following changes:

Version 2.4.2

• auth-token: Ensure tokens are always wiped on de-auth
• docs: Fixed man-page warnings discovered by rpmlint
• Make –cipher/–auth none more explicit on the risks
• plugin: Fix documentation typo for type_mask
• plugin: Export secure_memzero() to plugins
• Fix extract_x509_field_ssl for external objects, v2
• In auth-pam plugin clear the password after use
• cleanup: merge packet_id_alloc_outgoing() into packet_id_write()
• Don’t run packet_id unit tests for –disable-crypto builds
• Fix Changes.rst layout
• Fix memory leak in x509_verify_cert_ku()
• mbedtls: correctly check return value in pkcs11_certificate_dn()
• Restore pre-NCP frame parameters for new sessions
• Always clear username/password from memory on error
• Document tls-crypt security considerations in man page
• Don’t assert out on receiving too-large control packets (CVE-2017-7478)
• Drop packets instead of assert out if packet id rolls over (CVE-2017-7479)
• Set a low interface metric for tap adapter when block-outside-dns is in use