mirror of
https://github.com/openwrt/packages.git
synced 2025-08-14 13:23:00 +00:00
f52f437070
This is a bugfix release containing security fixes. Security Fixes (included in 2.6.7): CVE-2023-46850 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly use a send buffer after it has been free()d in some circumstances, causing some free()d memory to be sent to the peer. All configurations using TLS (e.g. not using --secret) are affected by this issue. CVE-2023-46849 OpenVPN versions between 2.6.0 and 2.6.6 incorrectly restore --fragment configuration in some circumstances, leading to a division by zero when --fragment is used. On platforms where division by zero is fatal, this will cause an OpenVPN crash. For details refer to https://github.com/OpenVPN/openvpn/blob/v2.6.8/Changes.rst Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
763 B
763 B