UbuntuUpdates.org

Package "openvpn"

Name: openvpn

Description:

virtual private network daemon
Latest version: 2.6.19-0ubuntu0.25.10.2
Release: questing (25.10)
Level: security
Repository: main
Homepage: https://openvpn.net/community/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "openvpn"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "openvpn" in Questing

Repository Area Version
base main 2.6.14-2ubuntu1
updates main 2.6.19-0ubuntu0.25.10.2

Changelog

Version: 2.6.19-0ubuntu0.25.10.2 2026-05-20 14:07:37 UTC

  openvpn (2.6.19-0ubuntu0.25.10.2) questing-security; urgency=medium

  * SECURITY UPDATE: server ASSERT() via malformed packet
    - debian/patches/CVE-2026-35058.patch: avoid interpreting opcode as
      part of WKc in src/openvpn/tls_crypt.c,
      tests/unit_tests/openvpn/test_tls_crypt.c.
    - CVE-2026-35058
  * SECURITY UPDATE: race condition in TLS handshake
    - debian/patches/CVE-2026-40215.patch: ensure that buffer of freed
      session are not used in src/openvpn/ssl.c.
    - CVE-2026-40215

 -- Marc Deslauriers <email address hidden> Thu, 23 Apr 2026 09:08:53 -0400
Source diff to previous version

Version: 2.6.14-2ubuntu1.1 2025-11-27 19:55:46 UTC

  openvpn (2.6.14-2ubuntu1.1) questing-security; urgency=medium

  * SECURITY UPDATE: incorrect HMAC verification check
    - debian/patches/CVE-2025-13086.patch: fix memcmp check for the hmac
      verification in the 3way handshake being inverted in
      src/openvpn/ssl_pkt.c, tests/unit_tests/openvpn/test_pkt.c.
    - CVE-2025-13086

 -- Marc Deslauriers <email address hidden> Mon, 24 Nov 2025 17:30:01 -0500
CVE-2025-13086 HMAC verification check: fix incorrect memcmp() call


About   -   Send Feedback to @ubuntu_updates