Package "openvpn"

Name:	openvpn
Description:	virtual private network daemon
Latest version:	2.5.11-0ubuntu0.22.04.3
Release:	jammy (22.04)
Level:	updates
Repository:	main
Homepage:	https://openvpn.net/

Links

Raw Package Information

All versions of this package

Bug fixes

List of files in package

Repository home page

Download "openvpn"

32-bit deb package

64-bit deb package

APT INSTALL

Other versions of "openvpn" in Jammy

Repository	Area	Version
base	main	2.5.5-1ubuntu3
security	main	2.5.11-0ubuntu0.22.04.3
backports	main	2.6.12-0ubuntu0.24.04.3~bpo22.04.1

Changelog

Version: 2.5.11-0ubuntu0.22.04.3 2026-05-20 16:07:33 UTC

Version: 2.5.11-0ubuntu0.22.04.3	2026-05-20 16:07:33 UTC
openvpn (2.5.11-0ubuntu0.22.04.3) jammy-security; urgency=medium * SECURITY UPDATE: server ASSERT() via malformed packet - debian/patches/CVE-2026-35058.patch: avoid interpreting opcode as part of WKc in src/openvpn/tls_crypt.c, tests/unit_tests/openvpn/test_tls_crypt.c. - CVE-2026-35058 * SECURITY UPDATE: race condition in TLS handshake - debian/patches/CVE-2026-40215-pre1.patch: double check that we do not use a freed buffer when freeing a session in src/openvpn/ssl.c. - debian/patches/CVE-2026-40215-pre2.patch: do not check key_state buffers that are in S_UNDEF state in src/openvpn/ssl.c. - debian/patches/CVE-2026-40215-pre3.patch: fix check_session_buf_not_used using wrong index in src/openvpn/ssl.c. - debian/patches/CVE-2026-40215.patch: ensure that buffer of freed session are not used in src/openvpn/ssl.c. - CVE-2026-40215 * Updated expired test certs - debian/patches/renew-test-certs.patch - debian/source/include-binaries: add sample/sample-keys/client.p12. -- Marc Deslauriers <email address hidden> Thu, 23 Apr 2026 09:28:58 -0400
Source diff to previous version

openvpn (2.5.11-0ubuntu0.22.04.3) jammy-security; urgency=medium * SECURITY UPDATE: server ASSERT() via malformed packet - debian/patches/CVE-2026-35058.patch: avoid interpreting opcode as part of WKc in src/openvpn/tls_crypt.c, tests/unit_tests/openvpn/test_tls_crypt.c. - CVE-2026-35058 * SECURITY UPDATE: race condition in TLS handshake - debian/patches/CVE-2026-40215-pre1.patch: double check that we do not use a freed buffer when freeing a session in src/openvpn/ssl.c. - debian/patches/CVE-2026-40215-pre2.patch: do not check key_state buffers that are in S_UNDEF state in src/openvpn/ssl.c. - debian/patches/CVE-2026-40215-pre3.patch: fix check_session_buf_not_used using wrong index in src/openvpn/ssl.c. - debian/patches/CVE-2026-40215.patch: ensure that buffer of freed session are not used in src/openvpn/ssl.c. - CVE-2026-40215 * Updated expired test certs - debian/patches/renew-test-certs.patch - debian/source/include-binaries: add sample/sample-keys/client.p12. -- Marc Deslauriers <email address hidden> Thu, 23 Apr 2026 09:28:58 -0400

Source diff to previous version

Version: 2.5.11-0ubuntu0.22.04.1 2024-10-10 21:07:17 UTC

openvpn (2.5.11-0ubuntu0.22.04.1) jammy; urgency=medium * New upstream release 2.5.11 (LP: #2073318): - CVE Fixes: + CVE-2024-5594, CVE-2024-27459, CVE-2024-24974, CVE-2024-27903 - Updates: + Allow trailing \r and \n in control channel message + See https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn25 for additional bug fixes and information * Remove patches fixed upstream: - d/p/CVE-2024-5594.patch [Fixed in 2.5.11] -- Lena Voytek <email address hidden> Tue, 17 Sep 2024 13:25:49 -0700

Source diff to previous version

2073318	Backport of openvpn for jammy and noble
CVE-2024-27459	The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary
CVE-2024-24974	The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to inter
CVE-2024-27903	OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in

Version: 2.5.9-0ubuntu0.22.04.3 2024-07-02 17:07:08 UTC

Version: 2.5.9-0ubuntu0.22.04.3	2024-07-02 17:07:08 UTC
`openvpn (2.5.9-0ubuntu0.22.04.3) jammy-security; urgency=medium * SECURITY UPDATE: malicious peer can DoS or send garbage to logs - debian/patches/CVE-2024-5594.patch: properly handle null bytes and invalid characters in control messages in src/openvpn/buffer.*, src/openvpn/forward.c, tests/unit_tests/openvpn/test_buffer.c. - CVE-2024-5594 -- Marc Deslauriers <email address hidden> Thu, 27 Jun 2024 14:49:38 -0400`
Source diff to previous version

openvpn (2.5.9-0ubuntu0.22.04.3) jammy-security; urgency=medium * SECURITY UPDATE: malicious peer can DoS or send garbage to logs - debian/patches/CVE-2024-5594.patch: properly handle null bytes and invalid characters in control messages in src/openvpn/buffer.*, src/openvpn/forward.c, tests/unit_tests/openvpn/test_buffer.c. - CVE-2024-5594 -- Marc Deslauriers <email address hidden> Thu, 27 Jun 2024 14:49:38 -0400

Source diff to previous version

Version: 2.5.9-0ubuntu0.22.04.2	2023-11-30 18:07:11 UTC
`openvpn (2.5.9-0ubuntu0.22.04.2) jammy; urgency=medium * d/rules: Use --with-openssl-engine=yes during configuration to maintain the existing behavior of technically allowing openssl engine access in jammy. For more information see https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/2004676/comments/6`
Source diff to previous version

Version: 2.5.5-1ubuntu3.1 2022-11-16 03:06:55 UTC

openvpn (2.5.5-1ubuntu3.1) jammy; urgency=medium * d/p/openssl-3/*.patch: backport upstream patch set to better support OpenSSL 3 (LP: #1975574) -- Lucas Kanashiro <email address hidden> Thu, 14 Jul 2022 11:21:14 -0300

1975574

OpenSSL 3.0 support in OpenVPN 2.5

About - Send Feedback to @ubuntu_updates

Package "openvpn"

Links

Download "openvpn"

Other versions of "openvpn" in Jammy

Changelog

Share this page

Bookmarks

Latest updates

updates

PPA updates