Package "openvpn"

Name:	openvpn
Description:	virtual private network daemon
Latest version:	2.5.11-0ubuntu0.22.04.3
Release:	jammy (22.04)
Level:	security
Repository:	main
Homepage:	https://openvpn.net/

Links

Raw Package Information

All versions of this package

Bug fixes

List of files in package

Repository home page

Download "openvpn"

32-bit deb package

64-bit deb package

APT INSTALL

Other versions of "openvpn" in Jammy

Repository	Area	Version
base	main	2.5.5-1ubuntu3
updates	main	2.5.11-0ubuntu0.22.04.3
backports	main	2.6.12-0ubuntu0.24.04.3~bpo22.04.1

Changelog

Version: 2.5.11-0ubuntu0.22.04.3 2026-05-20 14:07:32 UTC

Version: 2.5.11-0ubuntu0.22.04.3	2026-05-20 14:07:32 UTC
openvpn (2.5.11-0ubuntu0.22.04.3) jammy-security; urgency=medium * SECURITY UPDATE: server ASSERT() via malformed packet - debian/patches/CVE-2026-35058.patch: avoid interpreting opcode as part of WKc in src/openvpn/tls_crypt.c, tests/unit_tests/openvpn/test_tls_crypt.c. - CVE-2026-35058 * SECURITY UPDATE: race condition in TLS handshake - debian/patches/CVE-2026-40215-pre1.patch: double check that we do not use a freed buffer when freeing a session in src/openvpn/ssl.c. - debian/patches/CVE-2026-40215-pre2.patch: do not check key_state buffers that are in S_UNDEF state in src/openvpn/ssl.c. - debian/patches/CVE-2026-40215-pre3.patch: fix check_session_buf_not_used using wrong index in src/openvpn/ssl.c. - debian/patches/CVE-2026-40215.patch: ensure that buffer of freed session are not used in src/openvpn/ssl.c. - CVE-2026-40215 * Updated expired test certs - debian/patches/renew-test-certs.patch - debian/source/include-binaries: add sample/sample-keys/client.p12. -- Marc Deslauriers <email address hidden> Thu, 23 Apr 2026 09:28:58 -0400
Source diff to previous version

openvpn (2.5.11-0ubuntu0.22.04.3) jammy-security; urgency=medium * SECURITY UPDATE: server ASSERT() via malformed packet - debian/patches/CVE-2026-35058.patch: avoid interpreting opcode as part of WKc in src/openvpn/tls_crypt.c, tests/unit_tests/openvpn/test_tls_crypt.c. - CVE-2026-35058 * SECURITY UPDATE: race condition in TLS handshake - debian/patches/CVE-2026-40215-pre1.patch: double check that we do not use a freed buffer when freeing a session in src/openvpn/ssl.c. - debian/patches/CVE-2026-40215-pre2.patch: do not check key_state buffers that are in S_UNDEF state in src/openvpn/ssl.c. - debian/patches/CVE-2026-40215-pre3.patch: fix check_session_buf_not_used using wrong index in src/openvpn/ssl.c. - debian/patches/CVE-2026-40215.patch: ensure that buffer of freed session are not used in src/openvpn/ssl.c. - CVE-2026-40215 * Updated expired test certs - debian/patches/renew-test-certs.patch - debian/source/include-binaries: add sample/sample-keys/client.p12. -- Marc Deslauriers <email address hidden> Thu, 23 Apr 2026 09:28:58 -0400

Source diff to previous version

Version: 2.5.9-0ubuntu0.22.04.3 2024-07-02 16:07:46 UTC

Version: 2.5.9-0ubuntu0.22.04.3	2024-07-02 16:07:46 UTC
`openvpn (2.5.9-0ubuntu0.22.04.3) jammy-security; urgency=medium * SECURITY UPDATE: malicious peer can DoS or send garbage to logs - debian/patches/CVE-2024-5594.patch: properly handle null bytes and invalid characters in control messages in src/openvpn/buffer.*, src/openvpn/forward.c, tests/unit_tests/openvpn/test_buffer.c. - CVE-2024-5594 -- Marc Deslauriers <email address hidden> Thu, 27 Jun 2024 14:49:38 -0400`

openvpn (2.5.9-0ubuntu0.22.04.3) jammy-security; urgency=medium * SECURITY UPDATE: malicious peer can DoS or send garbage to logs - debian/patches/CVE-2024-5594.patch: properly handle null bytes and invalid characters in control messages in src/openvpn/buffer.*, src/openvpn/forward.c, tests/unit_tests/openvpn/test_buffer.c. - CVE-2024-5594 -- Marc Deslauriers <email address hidden> Thu, 27 Jun 2024 14:49:38 -0400

About - Send Feedback to @ubuntu_updates

Package "openvpn"

Links

Download "openvpn"

Other versions of "openvpn" in Jammy

Changelog

Share this page

Bookmarks

Latest updates

proposed

updates

PPA updates