[Announcement] Tinc version 1.0.21 and 1.1pre7 released

Saverio Proto zioproto at gmail.com
Tue Apr 23 14:14:31 CEST 2013


The OpenWRT trunk packages repository has been updated today.

Saverio


2013/4/22 Guus Sliepen <guus at tinc-vpn.org>:
> Because of a security vulnerability in tinc that was recently discovered, we
> hereby release tinc versions 1.0.21 and 1.1pre7. Here is a summary of the
> changes in tinc 1.0.21:
>
>  * Drop packets forwarded via TCP if they are too big (CVE-2013-1428).
>
> Here is a summary of the changes in tinc 1.1pre7:
>
>  * Fixed large latencies on Windows.
>  * Renamed the tincctl tool to tinc.
>  * Simplified changing the configuration using the tinc tool.
>  * Added a full description of the ExperimentalProtocol to the manual.
>  * Drop packets forwarded via TCP if they are too big (CVE-2013-1428).
>
> Thanks to Martin Schobert for auditing tinc and reporting the vulnerability.
> He discovered a potential stack overflow that can be triggered by an
> authenticated peer. This can be used to cause a tinc daemon to crash, or in the
> worst case, it might be possible to execute code on another node as the user
> running tincd. This bug has been present in all versions of tinc. All users of
> tinc should upgrade to 1.0.21 or 1.1pre7 as soon as possible.
>
> --
> Met vriendelijke groet / with kind regards,
>      Guus Sliepen <guus at tinc-vpn.org>

