[slackware-security] openvpn

New openvpn packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/openvpn-2.4.9-i586-1slack14.2.txz: Upgraded. This update fixes a security issue: Fix illegal client float. Thanks to Le...

openvpn -- illegal client float can break VPN session for other users

Lev Stipakov and Gert Doering report: There is a time frame between allocating peer-id and initializing data channel key which is performed on receiving push request or on async push-reply in which the existing peer-id float checks do not work right. If a "rogue" data channel packet arrives durin...