UbuntuUpdates.org

Package "openvpn"


Moved to noble:main:updates


Name: openvpn

Description:

virtual private network daemon
Latest version: *DELETED*
Release: noble (24.04)
Level: proposed
Repository: main
Homepage: https://openvpn.net/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "openvpn"

APT INSTALL

Other versions of "openvpn" in Noble

Repository Area Version
base main 2.6.9-1ubuntu4
security main 2.6.9-1ubuntu4.1
updates main 2.6.12-0ubuntu0.24.04.1

Changelog

Version: *DELETED* 2024-10-16 05:07:21 UTC
Moved to noble:main:updates
No changelog for deleted or moved packages.

Version: 2.6.12-0ubuntu0.24.04.1 2024-10-02 21:06:53 UTC

  openvpn (2.6.12-0ubuntu0.24.04.1) noble; urgency=medium

  * New upstream release 2.6.12 (LP: #2073318):
    - CVE Fixes:
      + CVE-2024-4877, CVE-2024-5594, CVE-2024-28882, CVE-2024-27459,
        CVE-2024-24974, CVE-2024-27903
    - Updates:
      + Allow trailing \r and \n in control channel message
      + Implement --server-poll-timeout on SOCKS proxies
      + Implement Windows CA template match for Crypto-API selector
      + Update sample configuration files
      + Update systemd unit file documentation references
    - Bug Fixes Include:
      + Fix issue with proxy credentials caching
      + Fix LibreSSL crashing when enumerating digests/cipher with workaround
      + Use snprintf instead of sprintf for get_ssl_library_version
      + Fix disabling DCO when proxy is set via management interface
      + See https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn26 for
        additional bug fixes and information
  * Remove patches fixed upstream:
    - d/p/systemd.patch
    [Fixed in 2.6.10]
    - d/p/CVE-2024-28882.patch
    - d/p/CVE-2024-5594.patch
    [Fixed in 2.6.11]

 -- Lena Voytek <email address hidden> Tue, 17 Sep 2024 10:27:52 -0700
2073318 Backport of openvpn for jammy and noble
CVE-2024-28882 OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a
CVE-2024-27459 The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary
CVE-2024-24974 The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to inter
CVE-2024-27903 OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in


About   -   Send Feedback to @ubuntu_updates