### Latest stable release
-[[!inline pages="news/release-1.0.35" template=newsitemnoheader feeds="no"]]
+[[!inline pages="news/release-1.0.35-and-1.1pre17" template=newsitemnoheader feeds="no"]]
<a name="1.0.35"></a><table>
<tr><td>**Version**<td>1.0.35
### Latest pre-release from the 1.1 branch
-[[!inline pages="news/release-1.1pre17" template=newsitemnoheader feeds="no"]]
+[[!inline pages="news/release-1.0.35-and-1.1pre17" template=newsitemnoheader feeds="no"]]
<a name="1.1pre17"></a><table>
<tr><td>**Version**<td>1.1pre17
* Prevent oracle attacks (CVE-2018-16737, CVE-2018-16738).
* Prevent a MITM from forcing a NULL cipher for UDP (CVE-2018-16758).
-Thanks to Michael Yonli for auditing tinc and reporting these vulnerabilities.
-
-[[!toggle id="fulltext" text="Show full text."]]
-
-[[!toggleable id="fulltext" text="""
-Michael Yonli discovered two security flaws. The first is an issue with the implementation of the authentication protocol used in tinc 1.0, which allows a remote attacker to establish an authenticated connection with a node in the VPN, and send messages one-way. In tinc 1.0.29 and earlier, this is unfortunately trivial to exploit. In tinc 1.0.30 to 1.0.34, the mitigations implemented for the Sweet32 attack also make this attack much harder, but in principle still possible. This is fixed in tinc 1.0.35.
-
-The second issue allows a man-in-the-middle that has intercepted the TCP connection between two nodes, to potentially force one of the nodes to start sending unencrypted UDP packets. This is also fixed in tinc 1.0.35.
-
-The new protocol used in tinc 1.1 is not affected by these vulnerabilities. However, since it is backwards compatible with tinc 1.0, it uses the legacy protocol when communicating with tinc 1.0 nodes. Tinc 1.1pre17 fixes the first issue, and it wasn't vulnerable to the second issue to begin with.
-"""]]
+Thanks to Michael Yonli for auditing tinc and reporting these vulnerabilities. For more information, see the [[security]] page.
The following list contains advisories for security issues in tinc in old versions:
- [CVE-2018-16758](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16758):
- Tinc 1.0.34 and earlier allow a [man-in-the-middle attack](https://en.wikipedia.org/wiki/Man-in-the-middle_attack)
+ Michael Yonli discovered that tinc 1.0.34 and earlier allow a [man-in-the-middle attack](https://en.wikipedia.org/wiki/Man-in-the-middle_attack)
that, even if the MITM cannot decrypt the traffic sent between the two
endpoints, when the MITM can correctly predict when an ephemeral key exchange
message is sent in a TCP connection between two nodes, allows the MITM to
The tinc 1.1pre versions are not affected by this.
- [CVE-2018-16738](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16738):
- Tinc versions 1.0.30 to 1.0.34 allow an [oracle attack](https://en.wikipedia.org/wiki/Oracle_attack),
+ Michael Yonli discoverd that tinc versions 1.0.30 to 1.0.34 allow an [oracle attack](https://en.wikipedia.org/wiki/Oracle_attack),
similar to CVE-2018-16737, but due to the mitigations put in place for the Sweet32
attack in tinc 1.0.30, it now requires a [timing attack](https://en.wikipedia.org/wiki/Timing_attack)
that has only a limited time to complete.
VPN that still use the legacy protocol from tinc version 1.0.x.
- [CVE-2018-16737](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16737):
- Tinc 1.0.29 and earlier allow an [oracle attack](https://en.wikipedia.org/wiki/Oracle_attack)
+ Michael Yonly discovered that tinc 1.0.29 and earlier allow an [oracle attack](https://en.wikipedia.org/wiki/Oracle_attack)
that could allow a remote attacker to establish one-way communication with a
tinc node, allowing it to send fake control messages and inject packets into
the VPN. The attack takes only a few seconds to complete.
projects / wiki / commitdiff