Keksjdjdke 35 Posted ... Multiple security Vulnerabilities were found in Openvpn 2.4.1. OpenVPN 2.4.1 was simultaneously reviewed by Quarkslab (funded by OSTIF).Here is a link to the audit information. https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits Quote Share this post Link to post
Staff 9972 Posted ... Hello! AirVPN is the 4th OSTIF top donor:https://ostif.org/top-ostif-donors/ We contributed specifically for the OpenVPN audit. We're glad to see that the audit completed quickly and that no serious security vulnerabilities have been found client-side. Even server-side, the only two security issues are not particularly worrying. A denial of service can be triggered by a client sending at least 196 GB in a certain way, while another denial of service can be caused by having the tls-auth key. Let's remember anyway that the bug bounty remains open. Our upgrade schedules sever-side remain unchanged, as well as Air client software release cycle. Each new release of our software is packaged with the latest OpenVPN version and keep in mind that you can configure the software to use any OpenVPN version you prefer. Kind regards 5 Keksjdjdke, Mizu, Blade Runner and 2 others reacted to this Quote Share this post Link to post
trekkie.forever 6 Posted ... Since I am unsure what you're server side upgrade schedule is, can you please advise by approximately when the servers will be updated to 2.4.2? Thanks. Quote Share this post Link to post