Fix 7 vulnerabilities, add softether.net after-2038 year certificate hash, add vpncmd message about Developer Edition #1911
Merged: davidebeatrici merged 8 commits into SoftEtherVPN:master from dnobori:230928_dnobori_security_fix on Oct 9, 2023
SoftEther VPN vpnserver WpcParsePacket () heap-based buffer overflow vulnerability https://www.softether.org/9-about/News/904-SEVPN202301 https://jvn.jp/en/jp/JVN64316789/
SoftEther VPN DCRegister DDNS_RPC_MAX_RECV_SIZE denial of service vulnerability https://www.softether.org/9-about/News/904-SEVPN202301 https://jvn.jp/en/jp/JVN64316789/
I was worried that security fixes made in the past few years were not imported to the developer edition. Thanks for clarifying the difference between editions and importing security fixes!
davidebeatrici force-pushed the 230928_dnobori_security_fix branch from f3f6f68 to 964598b (October 5, 2023 11:22)
When memory is released and reallocated, a random security value called a canary is written to the before/after area of memory, and if the value has been modified, the process is terminated (restarted) for safety, assuming it is a buffer overflow of the memory area. This feature may effectively prevent confidentiality or integrity violations in the event that some heap area overflow vulnerability is discovered in this system in the future.
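The canary check this commit message describes, as an added C example that is not SoftEther VPN's own code: the names guard_malloc, guard_check and guard_free and the block layout are assumptions made for illustration, and a 64-bit platform with /dev/urandom is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical layout (64-bit): [size_t size][canary][user data][canary]. */
static uint64_t g_canary; /* per-process random value, 0 = not yet set */
#define HDR (sizeof(size_t) + sizeof(uint64_t))

static void guard_init(void)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL || fread(&g_canary, sizeof g_canary, 1, f) != 1)
        abort(); /* no entropy: refuse to run with a guessable canary */
    fclose(f);
}

void *guard_malloc(size_t size)
{
    unsigned char *raw;
    if (g_canary == 0) guard_init();
    if (size > SIZE_MAX - HDR - sizeof g_canary) return NULL; /* size wrap */
    raw = malloc(HDR + size + sizeof g_canary);
    if (raw == NULL) return NULL;
    memcpy(raw, &size, sizeof size);
    memcpy(raw + sizeof size, &g_canary, sizeof g_canary);   /* before */
    memcpy(raw + HDR + size, &g_canary, sizeof g_canary);    /* after */
    return raw + HDR;
}

/* Returns 1 when both canaries are intact, 0 when either was modified. */
int guard_check(const void *p)
{
    const unsigned char *raw = (const unsigned char *)p - HDR;
    size_t size;
    memcpy(&size, raw, sizeof size);
    return memcmp(raw + sizeof size, &g_canary, sizeof g_canary) == 0 &&
           memcmp(raw + HDR + size, &g_canary, sizeof g_canary) == 0;
}

/* Verify on release; a modified canary is treated as a heap overflow. */
void guard_free(void *p)
{
    if (p == NULL) return;
    if (!guard_check(p)) abort(); /* terminate instead of continuing */
    free((unsigned char *)p - HDR);
}

int main(void) { void *p = guard_malloc(8); guard_free(p); return p == NULL; }
```

The leading canary is compared first, so a write that ran backwards into the stored size fails the check before that size is used to locate the trailing canary.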
SoftEther VPN CtEnumCa () information disclosure vulnerability https://www.softether.org/9-about/News/904-SEVPN202301 https://jvn.jp/en/jp/JVN64316789/
…TALOS-2023-1755 SoftEther VPN CiRpcAccepted () authentication bypass vulnerability and SoftEther VPN CiRpcServerThread () MitM authentication bypass vulnerability https://www.softether.org/9-about/News/904-SEVPN202301 https://jvn.jp/en/jp/JVN64316789/
davidebeatrici force-pushed the 230928_dnobori_security_fix branch from 964598b to 5429d16 (October 7, 2023 02:43)
SoftEther VPN vpnserver ConnectionAccept () denial of service vulnerability
…Nobori. These certificates will be used for University of Tsukuba's built-in "softether.net" DDNS server after year 2038.
…e difference from the Stable Edition by Daiyuu Nobori
davidebeatrici force-pushed the 230928_dnobori_security_fix branch from 5429d16 to 6dbf7e9 (October 9, 2023 15:14)
davidebeatrici approved these changes on Oct 9, 2023
freebsd-git pushed a commit to freebsd/freebsd-ports that referenced this pull request on Oct 11, 2023:
Fix 7 vulnerabilities [1].
Security: CVE-2023-27395
Security: CVE-2023-22325
Security: CVE-2023-32275
Security: CVE-2023-27516
Security: CVE-2023-32634
Security: CVE-2023-31192
Security: CVE-2023-25774
[1] SoftEtherVPN/SoftEtherVPN#1911
(cherry picked from commit 6c1adb1)
freebsd-git pushed a commit to freebsd/freebsd-ports that referenced this pull request on Oct 11, 2023:
Fix 7 vulnerabilities [1].
Security: CVE-2023-27395
Security: CVE-2023-22325
Security: CVE-2023-32275
Security: CVE-2023-27516
Security: CVE-2023-32634
Security: CVE-2023-31192
Security: CVE-2023-25774
[1] SoftEtherVPN/SoftEtherVPN#1911
lsalvadore pushed a commit to lsalvadore/freebsd-ports that referenced this pull request on Oct 15, 2023:
Fix 7 vulnerabilities [1].
Security: CVE-2023-27395
Security: CVE-2023-22325
Security: CVE-2023-32275
Security: CVE-2023-27516
Security: CVE-2023-32634
Security: CVE-2023-31192
Security: CVE-2023-25774
[1] SoftEtherVPN/SoftEtherVPN#1911
(1) Fix Vulnerability: CVE-2023-27395 TALOS-2023-1735
SoftEther VPN vpnserver WpcParsePacket () heap-based buffer overflow vulnerability
https://www.softether.org/9-about/News/904-SEVPN202301
https://jvn.jp/en/jp/JVN64316789/
(2) Fix Vulnerability: CVE-2023-22325 TALOS-2023-1736
SoftEther VPN DCRegister DDNS_RPC_MAX_RECV_SIZE denial of service vulnerability
https://www.softether.org/9-about/News/904-SEVPN202301
https://jvn.jp/en/jp/JVN64316789/
(3) Fix Vulnerability: CVE-2023-32275 TALOS-2023-1753
SoftEther VPN CtEnumCa () information disclosure vulnerability
https://www.softether.org/9-about/News/904-SEVPN202301
https://jvn.jp/en/jp/JVN64316789/
(4) Fix Vulnerability: CVE-2023-27516 TALOS-2023-1754
SoftEther VPN CiRpcAccepted () authentication bypass vulnerability
https://www.softether.org/9-about/News/904-SEVPN202301
https://jvn.jp/en/jp/JVN64316789/
(5) Fix Vulnerability: CVE-2023-32634 TALOS-2023-1755
SoftEther VPN CiRpcServerThread () MitM authentication bypass vulnerability
https://www.softether.org/9-about/News/904-SEVPN202301
https://jvn.jp/en/jp/JVN64316789/
(6) Fix Vulnerability: CVE-2023-31192 TALOS-2023-1768
SoftEther VPN ClientConnect () information disclosure vulnerability
https://www.softether.org/9-about/News/904-SEVPN202301
https://jvn.jp/en/jp/JVN64316789/
(7) Fix Vulnerability: CVE-2023-25774 TALOS-2023-1743
SoftEther VPN vpnserver ConnectionAccept () denial of service vulnerability
(8) Add four new certificate hashes to the DDNS_CERT_HASH list by Daiyuu Nobori. These certificates will be used for University of Tsukuba's built-in "softether.net" DDNS server after year 2038.
(9) Showing an explanation of the purpose of the Developer Edition and the difference from the Stable Edition by Daiyuu Nobori