Package "openvpn"
| Name: |
openvpn
|
Description: |
virtual private network daemon
|
| Latest version: |
2.5.11-0ubuntu0.22.04.4 |
| Release: |
jammy (22.04) |
| Level: |
security |
| Repository: |
main |
| Homepage: |
https://openvpn.net/ |
Links
Download "openvpn"
Other versions of "openvpn" in Jammy
Changelog
|
openvpn (2.5.11-0ubuntu0.22.04.4) jammy-security; urgency=medium
* SECURITY UPDATE: metadata buffer leak
- debian/patches/CVE-2026-12932.patch: Clean up metadata handling in
tls_crypt_v2_extract_client_key in src/openvpn/ssl.h,
src/openvpn/ssl_common.h, src/openvpn/ssl.c, src/openvpn/tls_crypt.c,
tests/unit_tests/openvpn/Makefile.am,
tests/unit_tests/openvpn/test_tls_crypt.c.
- CVE-2026-12932
* SECURITY UPDATE: ack_write_buf use after free
- debian/patches/CVE-2026-12996.patch: Fix ack_write_buf use after free in
src/openvpn/ssl.c.
- CVE-2026-12996
* SECURITY UPDATE: DoS via memory leak with valid tls-crypt-v2 client key
- debian/patches/CVE-2026-13698.patch: Ensure tls-crypt keys are not setup
twice in src/openvpn/ssl.h, src/openvpn/tls_crypt.c.
- CVE-2026-13698
-- Marc Deslauriers <email address hidden> Wed, 08 Jul 2026 07:26:58 -0400
|
| Source diff to previous version |
| CVE-2026-13698 |
A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and 2.7_alpha1 through 2.7.4 allows remote attackers with a valid tls-cry |
|
|
openvpn (2.5.11-0ubuntu0.22.04.3) jammy-security; urgency=medium
* SECURITY UPDATE: server ASSERT() via malformed packet
- debian/patches/CVE-2026-35058.patch: avoid interpreting opcode as
part of WKc in src/openvpn/tls_crypt.c,
tests/unit_tests/openvpn/test_tls_crypt.c.
- CVE-2026-35058
* SECURITY UPDATE: race condition in TLS handshake
- debian/patches/CVE-2026-40215-pre1.patch: double check that we do not
use a freed buffer when freeing a session in src/openvpn/ssl.c.
- debian/patches/CVE-2026-40215-pre2.patch: do not check key_state
buffers that are in S_UNDEF state in src/openvpn/ssl.c.
- debian/patches/CVE-2026-40215-pre3.patch: fix
check_session_buf_not_used using wrong index in src/openvpn/ssl.c.
- debian/patches/CVE-2026-40215.patch: ensure that buffer of freed
session are not used in src/openvpn/ssl.c.
- CVE-2026-40215
* Updated expired test certs
- debian/patches/renew-test-certs.patch
- debian/source/include-binaries: add sample/sample-keys/client.p12.
-- Marc Deslauriers <email address hidden> Thu, 23 Apr 2026 09:28:58 -0400
|
| Source diff to previous version |
|
openvpn (2.5.9-0ubuntu0.22.04.3) jammy-security; urgency=medium
* SECURITY UPDATE: malicious peer can DoS or send garbage to logs
- debian/patches/CVE-2024-5594.patch: properly handle null bytes and
invalid characters in control messages in src/openvpn/buffer.*,
src/openvpn/forward.c, tests/unit_tests/openvpn/test_buffer.c.
- CVE-2024-5594
-- Marc Deslauriers <email address hidden> Thu, 27 Jun 2024 14:49:38 -0400
|
About
-
Send Feedback to @ubuntu_updates