Your message dated Wed, 02 Apr 2025 20:58:02 +0000
with message-id <[email protected]>
and subject line Bug#1101935: fixed in openvpn 2.6.14-1
has caused the Debian Bug report #1101935,
regarding CVE-2025-2704 fix possible ASSERT() on OpenVPN servers using 
--tls-crypt-v2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1101935: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101935
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: openvpn
Version: CVE-2025-2704 fix possible ASSERT() on OpenVPN servers using 
--tls-crypt-v2
Severity: important
Tags: security upstream patch
X-Debbugs-Cc: Debian Security Team <[email protected]>

CVE-2025-2704 fix possible ASSERT() on OpenVPN servers using --tls-crypt-v2

Security scope: OpenVPN servers between 2.6.1 and 2.6.13 using --tls-crypt-v2
can be made to abort with an ASSERT() message by sending a particular
combination of authenticated and malformed packets.

To trigger the bug, a valid tls-crypt-v2 client key is needed, or network
observation of a handshake with a valid tls-crypt-v2 client key.

No crypto integrity is violated, no data is leaked, and no remote code
execution is possible.

This bug does not affect OpenVPN clients.

(Bug found by internal QA at OpenVPN Inc)

https://github.com/OpenVPN/openvpn/commit/d3015bfd65348db629dab51e20a9d4e2f3b23493

--- End Message ---
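
The security scope in the report above (server role, --tls-crypt-v2 in use, upstream version 2.6.1 to 2.6.13) can be checked against a version string and a configuration file. The following is an added example, not code from the report or from OpenVPN; the function names and both sample configurations are constructed, and the version range is assumed to be inclusive at both ends.

```python
import re

# Affected upstream range as given in the report (assumed inclusive at both ends).
AFFECTED = ((2, 6, 1), (2, 6, 13))

def upstream_version(version):
    """Parse '2.6.13' or a package version such as '2.6.13-1' into (2, 6, 13)."""
    m = re.match(r"(?:\d+:)?(\d+)\.(\d+)(?:\.(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(g or 0) for g in m.groups())

def directives(config_text):
    """Yield the tokens of each config line, skipping '#' and ';' comments."""
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("<") and not line.startswith("</"):
            line = line.strip("<>")          # inline form, e.g. <tls-crypt-v2>
        tokens = line.lstrip("-").split()
        if tokens:
            yield tokens

def exposure(version, config_text):
    """Report whether this version/config pair matches the stated security scope."""
    low, high = AFFECTED
    in_range = low <= upstream_version(version) <= high
    server = tls_crypt_v2 = False
    for tok in directives(config_text):
        # "server" and "server-bridge" are helper directives that imply "mode server".
        if tok[0] in ("server", "server-bridge") or tok[:2] == ["mode", "server"]:
            server = True
        elif tok[0] == "tls-crypt-v2":
            tls_crypt_v2 = True
    return {"in_range": in_range, "server": server, "tls_crypt_v2": tls_crypt_v2,
            "exposed": in_range and server and tls_crypt_v2}

# Constructed sample configurations (paths and host names are placeholders).
SERVER_CONF = """
# constructed example
port 1194
server 10.8.0.0 255.255.255.0
tls-crypt-v2 /etc/openvpn/server/tls-crypt-v2-server.key
"""
CLIENT_CONF = """
client
remote vpn.example.org 1194
<tls-crypt-v2>
</tls-crypt-v2>
"""

if __name__ == "__main__":
    for ver in ("2.6.13-1", "2.6.14-1"):
        print(ver, exposure(ver, SERVER_CONF))
    print("client", exposure("2.6.13-1", CLIENT_CONF))
```

The check compares the upstream version only. A distribution package that backports the fix keeps its older upstream number, so an in_range result on such a package should be confirmed against the package changelog.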
--- Begin Message ---
Source: openvpn
Source-Version: 2.6.14-1
Done: Bernhard Schmidt <[email protected]>

We believe that the bug you reported is fixed in the latest version of
openvpn, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bernhard Schmidt <[email protected]> (supplier of updated openvpn package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 02 Apr 2025 20:56:44 +0200
Source: openvpn
Architecture: source
Version: 2.6.14-1
Distribution: unstable
Urgency: medium
Maintainer: Bernhard Schmidt <[email protected]>
Changed-By: Bernhard Schmidt <[email protected]>
Closes: 1101935
Changes:
 openvpn (2.6.14-1) unstable; urgency=medium
 .
   [ Aquila Macedo ]
   * Add new autopkgtest for unit tests
 .
   [ Bernhard Schmidt ]
   * New upstream version 2.6.14
     - CVE-2025-2704 possible ASSERT() on OpenVPN servers using --tls-crypt-v2
       (Closes: #1101935)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---