VPN Client release
- Week 45
- VPN Client 1.4.2
Frequency
The VPN Client occasionally receives updates. These release notes can also be found at Fleet Manager > Tools > VPN Client > Details.
Maintenance
- Updated bundled OpenSSL to version 1.1.1q
- Updated bundled OpenVPN to version 2.5.8
Security
- Updated bundled stunnel to version 5.67
Notes
Regarding OpenSSL vulnerabilities CVE-2022-3786 and CVE-2022-3602:
- the VPN Client and OpenVPN are built with OpenSSL 1.1.1 and are not vulnerable.
- stunnel:
- Windows and macOS: 5.67 is built with OpenSSL 3.0.7, which addresses the CVEs.
- Linux: the package manager’s stunnel is used, which usually dynamically links to the system OpenSSL version. Consult your distribution if you need to update your stunnel and/or OpenSSL packages.
For more information refer to the advisory INF-2022-11-03 - OpenSSL vulnerabilities & VPN Client