Package "openvpn"

Name:	openvpn
Description:	virtual private network daemon
Latest version:	2.6.12-0ubuntu0.24.04.3
Release:	noble (24.04)
Level:	security
Repository:	main
Homepage:	https://openvpn.net/

Links

Raw Package Information

All versions of this package

Bug fixes

List of files in package

Repository home page

Download "openvpn"

32-bit deb package

64-bit deb package

APT INSTALL

Other versions of "openvpn" in Noble

Repository	Area	Version
base	main	2.6.9-1ubuntu4
updates	main	2.6.12-0ubuntu0.24.04.3

Changelog

Version: 2.6.12-0ubuntu0.24.04.3 2025-04-03 16:07:13 UTC

openvpn (2.6.12-0ubuntu0.24.04.3) noble-security; urgency=medium * SECURITY UPDATE: denial of service issue - debian/patches/CVE-2025-2704.patch: allow tls-crypt-v2 to be setup only on initial packet of a session in src/openvpn/ssl.c, src/openvpn/ssl_common.h, src/openvpn/ssl_pkt.c, src/openvpn/ssl_pkt.h, src/openvpn/tls_crypt.c, src/openvpn/tls_crypt.h, tests/unit_tests/openvpn/test_tls_crypt.c. - CVE-2025-2704 -- Marc Deslauriers <email address hidden> Tue, 01 Apr 2025 12:06:17 -0400

Source diff to previous version

CVE-2025-2704

OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and repla

Version: 2.6.9-1ubuntu4.1 2024-07-02 16:08:03 UTC

Version: 2.6.9-1ubuntu4.1	2024-07-02 16:08:03 UTC
openvpn (2.6.9-1ubuntu4.1) noble-security; urgency=medium * SECURITY UPDATE: client can circumvent management client-kill - debian/patches/CVE-2024-28882.patch: only schedule_exit() once in src/openvpn/forward., src/openvpn/push.c. - CVE-2024-28882 SECURITY UPDATE: malicious peer can DoS or send garbage to logs - debian/patches/CVE-2024-5594.patch: properly handle null bytes and invalid characters in control messages in src/openvpn/buffer.*, src/openvpn/forward.c, tests/unit_tests/openvpn/test_buffer.c. - CVE-2024-5594 -- Marc Deslauriers <email address hidden> Thu, 27 Jun 2024 14:21:42 -0400

openvpn (2.6.9-1ubuntu4.1) noble-security; urgency=medium * SECURITY UPDATE: client can circumvent management client-kill - debian/patches/CVE-2024-28882.patch: only schedule_exit() once in src/openvpn/forward.*, src/openvpn/push.c. - CVE-2024-28882 * SECURITY UPDATE: malicious peer can DoS or send garbage to logs - debian/patches/CVE-2024-5594.patch: properly handle null bytes and invalid characters in control messages in src/openvpn/buffer.*, src/openvpn/forward.c, tests/unit_tests/openvpn/test_buffer.c. - CVE-2024-5594 -- Marc Deslauriers <email address hidden> Thu, 27 Jun 2024 14:21:42 -0400

About - Send Feedback to @ubuntu_updates

Package "openvpn"

Links

Download "openvpn"

Other versions of "openvpn" in Noble

Changelog

Share this page

Bookmarks

Latest updates

proposed

updates

security

PPA updates