UbuntuUpdates.org

Package "openvpn"

Name: openvpn

Description:

virtual private network daemon

Latest version: 2.6.19-0ubuntu0.24.04.3
Release: noble (24.04)
Level: updates
Repository: main
Homepage: https://openvpn.net/

Links


Download "openvpn"


Other versions of "openvpn" in Noble

Repository Area Version
base main 2.6.9-1ubuntu4
security main 2.6.19-0ubuntu0.24.04.3

Changelog

Version: 2.6.19-0ubuntu0.24.04.3 2026-07-14 19:08:02 UTC

  openvpn (2.6.19-0ubuntu0.24.04.3) noble-security; urgency=medium

  * SECURITY UPDATE: buffer overrun via NTLMv2 proxy responses
    - debian/patches/CVE-2026-11771.patch: Fix 1-byte buffer overrun on NTLMv2
      proxy responses. in src/openvpn/ntlm.c.
    - CVE-2026-11771
  * SECURITY UPDATE: metadata buffer leak
    - debian/patches/CVE-2026-12932-pre1.patch: Zeroize tls-crypt-v2 client
      keys in src/openvpn/ssl_pkt.c, src/openvpn/tls_crypt.c.
    - debian/patches/CVE-2026-12932.patch: Clean up metadata handling in
      tls_crypt_v2_extract_client_key in src/openvpn/ssl.h,
      src/openvpn/ssl_common.h, src/openvpn/ssl_pkt.c, src/openvpn/tls_crypt.c,
      tests/unit_tests/openvpn/test_tls_crypt.c.
    - CVE-2026-12932
  * SECURITY UPDATE: ack_write_buf use after free
    - debian/patches/CVE-2026-12996.patch: Fix ack_write_buf use after free in
      src/openvpn/ssl.c.
    - CVE-2026-12996
  * SECURITY UPDATE: tls_wrap_reneg use after free
    - debian/patches/CVE-2026-13117.patch: Fix tls_wrap_reneg use after free in
      src/openvpn/ssl.c.
    - CVE-2026-13117
  * SECURITY UPDATE: DoS via malformed authentication token
    - debian/patches/CVE-2026-13122.patch: Ensure we only get the session from
      valid tokens for external-auth in doc/man-sections/server-options.rst,
      src/openvpn/auth_token.c, src/openvpn/auth_token.h,
      src/openvpn/ssl_verify.c, tests/unit_tests/openvpn/test_auth_token.c.
    - CVE-2026-13122
  * SECURITY UPDATE: DoS via memory leak with valid tls-crypt-v2 client key
    - debian/patches/CVE-2026-13698.patch: Ensure tls-crypt keys are not setup
      twice in src/openvpn/ssl.c, src/openvpn/ssl.h, src/openvpn/ssl_pkt.c,
      src/openvpn/ssl_pkt.h, src/openvpn/tls_crypt.c, src/openvpn/tls_crypt.h,
      tests/unit_tests/openvpn/test_tls_crypt.c.
    - CVE-2026-13698

 -- Marc Deslauriers <email address hidden> Tue, 07 Jul 2026 19:00:45 -0400

Source diff to previous version
CVE-2026-13122 OpenVPN version 2.6.0 through 2.6.20 and 2.7_alpha1 through 2.7.4 allows remote attackers to cause a denial of service via a malformed authentication
CVE-2026-13698 A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and 2.7_alpha1 through 2.7.4 allows remote attackers with a valid tls-cry

Version: 2.6.19-0ubuntu0.24.04.2 2026-05-20 16:07:36 UTC

  openvpn (2.6.19-0ubuntu0.24.04.2) noble-security; urgency=medium

  * SECURITY UPDATE: server ASSERT() via malformed packet
    - debian/patches/CVE-2026-35058.patch: avoid interpreting opcode as
      part of WKc in src/openvpn/tls_crypt.c,
      tests/unit_tests/openvpn/test_tls_crypt.c.
    - CVE-2026-35058
  * SECURITY UPDATE: race condition in TLS handshake
    - debian/patches/CVE-2026-40215.patch: ensure that buffer of freed
      session are not used in src/openvpn/ssl.c.
    - CVE-2026-40215

 -- Marc Deslauriers <email address hidden> Thu, 23 Apr 2026 09:09:25 -0400

Source diff to previous version

Version: 2.6.19-0ubuntu0.24.04.1 2026-03-05 19:07:50 UTC

  openvpn (2.6.19-0ubuntu0.24.04.1) noble; urgency=medium

  * New upstream version 2.6.19 (LP: #2127658):
    - CVE Fixes:
      + CVE-2025-13086
    - Updates:
      + Disable DCO if --bind-dev option is given
    - Bug Fixes:
      + Fix incorrect file descriptor handling in p2mp server on inotify FD
        during a SIGUSR1 restart.
      + Fix bug where --management-forget-disconnect and --management-signal
        could be executed even if password authentication to managment
        interface was still pending.
      + Repair client-side interaction on reconnect between DCO event handling
        and --persist-tun.
      + Prevent crash on invalid server-ipv6 argument.
      + Fix invalid pointer creation in tls_pre_decrypt().
      + Properly check for errors in creation on $auth_failed_reason_file.
      + Apply close-on-exec option to correct socket for incoming TCP
        connections.
      + Fix missing perf_pop() call in ssl_mbedtls.
      + Apply more checks to incoming TLS handshake packets before creating new
        state.
      + Fix broadcast address configuration for broadcast-based applications
        using ifconfig to get address.
    - See https://community.openvpn.net/ReleaseHistory for additional
      information.
  * Remove patches fixed upstream:
    - d/p/CVE-2025-13086.patch
    [Fixed in 2.6.16]
    - d/p/handle_intentional_route_push_float_ip.patch
    [Fixed in 2.6.15]
  * d/watch: Update download URL.

 -- Lena Voytek <email address hidden> Fri, 20 Feb 2026 18:13:25 -0500

Source diff to previous version
2127658 Backport of openvpn for noble and questing
CVE-2025-13086 HMAC verification check: fix incorrect memcmp() call

Version: 2.6.14-0ubuntu0.24.04.3 2025-11-27 22:13:32 UTC

  openvpn (2.6.14-0ubuntu0.24.04.3) noble-security; urgency=medium

  * SECURITY UPDATE: incorrect HMAC verification check
    - debian/patches/CVE-2025-13086.patch: fix memcmp check for the hmac
      verification in the 3way handshake being inverted in
      src/openvpn/ssl_pkt.c, tests/unit_tests/openvpn/test_pkt.c.
    - CVE-2025-13086

 -- Marc Deslauriers <email address hidden> Mon, 24 Nov 2025 17:32:32 -0500

Source diff to previous version
CVE-2025-13086 HMAC verification check: fix incorrect memcmp() call

Version: 2.6.14-0ubuntu0.24.04.2 2025-09-23 14:07:23 UTC

  openvpn (2.6.14-0ubuntu0.24.04.2) noble; urgency=medium

  * d/p/handle_intentional_route_push_float_ip.patch: Fix floating IP due
    to "route VPN_IP net_gateway", which can lead to incorrect blocking of
    a source IP switch for 60 seconds immediately after connection setup.
    (LP: #2108860)

 -- Jonas Jelten <email address hidden> Tue, 09 Sep 2025 16:36:28 +0200

2108860 floating IP due to \



About   -   Send Feedback to @ubuntu_updates