OpenSSL update (v38 - OSX and Windows)

Dear Private Internet Access customers,

On June 5th, 2014, the OpenSSL project released a security advisory[1] with multiple fixes for vulnerabilities found in OpenSSL and fixed in the latest version.

All of our servers running OpenSSL have been updated. The OSX client has also been updated. We're working on updating our Windows client and it will be updated as soon as possible.

Keep in mind that even if you're running an older client, your data is safe since both server and client need to be vulnerable in order for CVE-2014-0224 to be exploitable.

Thank you again for entrusting us with your business. Be aware that we take your privacy and security as our utmost priority.

Comments

  • Now we're talking. Thanks, meno. :-bd
  • Much better. ;) Will the Linux app be similarly updated? The changelog didn't say which version of OpenSSL it had been updated to at the end of May.
  • It needs to be updated since OpenSSL was only patched for the new vulnerabilities either today or yesterday, although meno mentions that for now "data is safe since both server and client need to be vulnerable in order for CVE-2014-0224 to be exploitable," and the server side is currently patched.
  • I realise that it 'needs' to be updated, but PIA's recent history shows that what 'needs' to happen and what 'actually' happens are two different beasts entirely. ;)
  • Windows client now updated. v38.
  • So now the old changelog thread (with reams of unanswered questions and criticism of PIA's recent practices) has been deleted without so much as the courtesy of a single reply?
    :-w
  • It's here

  • @shadow Nicely spotted, thanks. I guess it's just been unpinned. @meno is that thread ever going to be answered? It's great that you have posted a couple of decent threads this week, but please don't make them hit-and-run. :(
  • Can anyone verify these hashes for the Windows client?

    MD5: 04360812EA571A36F18B669203D3F6DF

    SHA-1: 84E9A09EE7E36DF9FE00C6278BBF3CCB98C33DC0

    SHA-256: 7A5D9F937768E33F3FA86B5740E0312C12CC890F429A922892A641B34A906C7B
  • edited June 2014
    Can anyone verify these hashes for the Windows client?

    MD5: 04360812EA571A36F18B669203D3F6DF

    SHA-1: 84E9A09EE7E36DF9FE00C6278BBF3CCB98C33DC0

    SHA-256: 7A5D9F937768E33F3FA86B5740E0312C12CC890F429A922892A641B34A906C7B

  • Sweet. Thanks @OmniNegro. That at least tells me that I have the same version as you, even if we both got one that has been tampered with. If PIA is going to continue to use closed source, it would be nice if they would provide the hashes for us to compare ours against.
  • Thank you for finally making a high-res icon! That fuzzy-looking thing was annoying as all hell.
  • Will there be an update to the Android version?