OpenVPN is a robust and easy to set up open source VPN daemon that allows several private networks to be linked together through an encrypted tunnel over the internet. For security, the OpenSSL library is used, which can handle all encryption, authentication and certification. The developers have released version 2.5.3 and the main changes in it are listed below for you.
- CVE-2121-3606 – OpenVPN windows builds could possibly load OpenSSL Config files from world writeable locations, thus posing a security risk to OpenVPN.
As a fix, disable OpenSSL config loading completely on Windows.
- disable connect-retry backoff for p2p (–secret) instances (Trac #1010, #1384)
- fix build with mbedtls w/o SSL renegotiation support
- Fix SIGSEGV (NULL deref) receiving push “echo” (Trac #1409)
- MSI installers: properly schedule reboot in the end of installation
- fix small memory leak in free_key_ctx for auth_token
- update copyright messages in files and –version output
- add –auth-token-user option (for –auth-token deployments without –auth-user-pass in client config)
- improve MSVC building for Windows
- official MSI installers will now contain arm64 drivers and binaries (x86, amd64, arm64)
|Operating systems||Windows 7, Linux, BSD, macOS, Solaris, UNIX, Windows Server 2008, Windows Server 2012, Windows 8, Windows 10, Windows Server 2019|