OpenVPN 2.4.2
-
Do you all know if OpenVPN is, or is going to be, updated to 2.4.2 to support the recent vulnerabilities that were published everywhere?
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24
OpenVPN 2.4.2
https://www.rapid7.com/db/vulnerabilities/freebsd-cve-2017-7479
CVE-2017-7478
CVE-2017-7479
-
pfSense 2.4 has OpenVPN 2.4.2 in current snapshots
pfSense 2.3.4 has 2.3.14; we're going to get that updated to 2.3.15 but haven't yet decided on what type of update we'll push out for that. The OpenVPN client export package currently has both OpenVPN 2.4.2 and 2.3.15 Windows installers.
-
Is there any way we can get manual updates to vulnerable packages or are we just expected to wait for the next major/minor release? For a system that sits on the front lines of a LAN, I really would prefer that it's as secure as possible. According to 'pkg audit', I have 4 packages that need to be patched in pfSense v2.3.4.