Dear OpenVPN Security Team, I hope this message finds you well. I am writing to inquire about recent vulnerabilities disclosed in OpenVPN, specifically related to Data Channel Offload (DCO) and associated components.
Our current deployment uses OpenVPN version *2.6.12*, which appears to include patches for the vulnerabilities described under CVE-2024-27459, CVE-2024-24974, CVE-2024-27903, and CVE-2024-1305. However, I would like to confirm the following: 1. Are there additional security recommendations for mitigating potential exploitation of DCO-specific features? 2. Are there any newly identified vulnerabilities in OpenVPN 2.6.12 that have not yet been disclosed in advisories? 3. Could you provide more detailed guidance or best practices for hardening configurations against these and similar vulnerabilities? If you require any additional information from our side, I am happy to provide details within the limits of operational confidentiality. TNX, NETANEL
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
