Printable View
Hey guys,
Just a request....I love your product and I use TunnelVPN app all the time. It works perfect. Only thing is the OpenVPN version. It's still OpenVPN 2.4.0. Is there a way for the next update to get the latest version? Vunerabilities scares me like the Exec Code Overflow if you're not running at least 2.4.4
Cheers
I’m not associated with Untangle so we can wait for an authoritative response from staff. As I understand it, for most things Untangle relies on Debian’s versioning. Since the Debian maintainers patch their packages, upstream versions of something aren’t necessarily more secure. As always, the chief criticism of Debian isn’t security but features/capabilities.
Untangle is based on Debian 9 Stretch
Which thanks to this: https://packages.debian.org/search?keywords=openvpn
Reports OpenVPN v2.4.0-6+deb9u2
Which is nicely enough what dpkg says is installed on my Untangle server. Am I worried about it? No, because the Debian maintainers back port fixes, you need to do a ton more homework to know if this specific version has that specific problem.
Do you have a CVE Number? Because all I can find under Exec Code Overflow are OLD bugs, well patched.
https://www.cvedetails.com/vulnerabi...8/Openvpn.html
The most recent bug was patched on 6-13-2018... and yes it's installed in Untangle.
Are your referring to the client installed in the PC or server running on the Untangle server ? The PC app can be downloaded directly from OpenVPN site of you want the very latest and used with the Untangle client generated config file.
Sent from my LGUS997 using Tapatalk