UbuntuUpdates.org

Package "openvpn"

Name: openvpn

Description:

virtual private network daemon

Latest version: 2.5.11-0ubuntu0.22.04.4
Release: jammy (22.04)
Level: security
Repository: main
Homepage: https://openvpn.net/

Links


Download "openvpn"


Other versions of "openvpn" in Jammy

Repository Area Version
base main 2.5.5-1ubuntu3
updates main 2.5.11-0ubuntu0.22.04.4
backports main 2.6.12-0ubuntu0.24.04.3~bpo22.04.1

Changelog

Version: 2.5.11-0ubuntu0.22.04.4 2026-07-14 17:07:58 UTC

  openvpn (2.5.11-0ubuntu0.22.04.4) jammy-security; urgency=medium

  * SECURITY UPDATE: metadata buffer leak
    - debian/patches/CVE-2026-12932.patch: Clean up metadata handling in
      tls_crypt_v2_extract_client_key in src/openvpn/ssl.h,
      src/openvpn/ssl_common.h, src/openvpn/ssl.c, src/openvpn/tls_crypt.c,
      tests/unit_tests/openvpn/Makefile.am,
      tests/unit_tests/openvpn/test_tls_crypt.c.
    - CVE-2026-12932
  * SECURITY UPDATE: ack_write_buf use after free
    - debian/patches/CVE-2026-12996.patch: Fix ack_write_buf use after free in
      src/openvpn/ssl.c.
    - CVE-2026-12996
  * SECURITY UPDATE: DoS via memory leak with valid tls-crypt-v2 client key
    - debian/patches/CVE-2026-13698.patch: Ensure tls-crypt keys are not setup
      twice in src/openvpn/ssl.h, src/openvpn/tls_crypt.c.
    - CVE-2026-13698

 -- Marc Deslauriers <email address hidden> Wed, 08 Jul 2026 07:26:58 -0400

Source diff to previous version
CVE-2026-13698 A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and 2.7_alpha1 through 2.7.4 allows remote attackers with a valid tls-cry

Version: 2.5.11-0ubuntu0.22.04.3 2026-05-20 14:07:32 UTC

  openvpn (2.5.11-0ubuntu0.22.04.3) jammy-security; urgency=medium

  * SECURITY UPDATE: server ASSERT() via malformed packet
    - debian/patches/CVE-2026-35058.patch: avoid interpreting opcode as
      part of WKc in src/openvpn/tls_crypt.c,
      tests/unit_tests/openvpn/test_tls_crypt.c.
    - CVE-2026-35058
  * SECURITY UPDATE: race condition in TLS handshake
    - debian/patches/CVE-2026-40215-pre1.patch: double check that we do not
      use a freed buffer when freeing a session in src/openvpn/ssl.c.
    - debian/patches/CVE-2026-40215-pre2.patch: do not check key_state
      buffers that are in S_UNDEF state in src/openvpn/ssl.c.
    - debian/patches/CVE-2026-40215-pre3.patch: fix
      check_session_buf_not_used using wrong index in src/openvpn/ssl.c.
    - debian/patches/CVE-2026-40215.patch: ensure that buffer of freed
      session are not used in src/openvpn/ssl.c.
    - CVE-2026-40215
  * Updated expired test certs
    - debian/patches/renew-test-certs.patch
    - debian/source/include-binaries: add sample/sample-keys/client.p12.

 -- Marc Deslauriers <email address hidden> Thu, 23 Apr 2026 09:28:58 -0400

Source diff to previous version

Version: 2.5.9-0ubuntu0.22.04.3 2024-07-02 16:07:46 UTC

  openvpn (2.5.9-0ubuntu0.22.04.3) jammy-security; urgency=medium

  * SECURITY UPDATE: malicious peer can DoS or send garbage to logs
    - debian/patches/CVE-2024-5594.patch: properly handle null bytes and
      invalid characters in control messages in src/openvpn/buffer.*,
      src/openvpn/forward.c, tests/unit_tests/openvpn/test_buffer.c.
    - CVE-2024-5594

 -- Marc Deslauriers <email address hidden> Thu, 27 Jun 2024 14:49:38 -0400




About   -   Send Feedback to @ubuntu_updates