Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
21.1 Legacy Series
»
21.1.5 - OpenVPN Vulnerability
« previous
next »
Print
Pages: [
1
]
Author
Topic: 21.1.5 - OpenVPN Vulnerability (Read 2728 times)
spetrillo
Hero Member
Posts: 721
Karma: 8
21.1.5 - OpenVPN Vulnerability
«
on:
April 22, 2021, 07:53:32 pm »
Hello all,
I just upgraded one firewall to 21.1.5. It went fine with the exception of the current OpenVPN software having a vulnerability. Do we have an updated OpenVPN topatch the vulnerability?
Thanks,
Steve
Logged
franco
Administrator
Hero Member
Posts: 17668
Karma: 1611
Re: 21.1.5 - OpenVPN Vulnerability
«
Reply #1 on:
April 22, 2021, 07:58:39 pm »
Hi Steve,
Not yet. We deferred the OpenVPN 2.5 update for multiple reasons but tomorrow I will try to provide a full package for testing.
Long story short: FreeBSD removed a patch we do run and also denies building on LibreSSL which are not good signals, but we can work through it.
As for hotfixing 21.1.5 or releasing 21.1.6 soon I am not so sure. I also need to check if 2.4.x is vulnerable at all...
Cheers,
Franco
Logged
spetrillo
Hero Member
Posts: 721
Karma: 8
Re: 21.1.5 - OpenVPN Vulnerability
«
Reply #2 on:
April 22, 2021, 08:14:28 pm »
Hi Franco,
No worries...I do not use OpenVPN yet, so I can wait for 2.5.
Thanks,
Steve
Logged
franco
Administrator
Hero Member
Posts: 17668
Karma: 1611
Re: 21.1.5 - OpenVPN Vulnerability
«
Reply #3 on:
April 23, 2021, 09:56:10 am »
So OpenVPN also released 2.4.10 and 2.4.11[1], the latter specifically fixing the security issues mentioned here. We are likely going to update to this version even though it won't appease the vulnerability tracker (it only checks for <= 2.5.1).
If a hotfix is considered I don't know at this point.
Cheers,
Franco
[1]
https://github.com/opnsense/ports/commit/87d3ddee18
«
Last Edit: April 23, 2021, 11:04:14 am by franco
»
Logged
franco
Administrator
Hero Member
Posts: 17668
Karma: 1611
Re: 21.1.5 - OpenVPN Vulnerability
«
Reply #4 on:
April 29, 2021, 09:07:38 pm »
Also see
https://github.com/opnsense/core/issues/4961
Cheers,
Franco
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
21.1 Legacy Series
»
21.1.5 - OpenVPN Vulnerability