-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 01 Jul 2026 22:20:55 +0200
Source: openvpn
Architecture: source
Version: 2.6.14-1+deb13u3
Distribution: trixie-security
Urgency: high
Maintainer: Bernhard Schmidt <[email protected]>
Changed-By: Bernhard Schmidt <[email protected]>
Changes:
 openvpn (2.6.14-1+deb13u3) trixie-security; urgency=high
 .
   * Cherry-pick upstream security patches from the 2.6.21 release
     - CVE-2026-12996: Fix use-after-free bug in ack_write_buf(), triggerable by
       a well-timed sequence of control channel + authentication packets
     - CVE-2026-13117: Fix use-after-free bug in tls_wrap_reneg(), triggerable
       by suitable sequence of dynamic tls-crypt control-channel packets
     - CVE-2026-13122: Fix server crash on reception of suitably malformed
       auth-token, if --auth-gen-token external-auth is active
     - CVE-2026-12932: Fix memory-leak in tls-crypt-v2 client key handling that
       could lead to out-of-memory situations and subsequent server crashes
     - CVE-2026-11771: Fix possible 1-byte buffer overrun on NTLMv2 proxy
       responses.
     - CVE-2026-13698: Fix another memory leak on reception of suitable
       tls-crypt-v2 packets that could lead to an out of memory situation and
       server crash
Checksums-Sha1:
 096f3a33108fdebd05def06d18c97d50a8c50a97 2275 openvpn_2.6.14-1+deb13u3.dsc
 47bb325d2c7307aa45fea3d644ccd06b98104fda 75792 
openvpn_2.6.14-1+deb13u3.debian.tar.xz
 d7ca374be64a1d67646df8298c9004d212607a84 7482 
openvpn_2.6.14-1+deb13u3_amd64.buildinfo
Checksums-Sha256:
 f444abce116aebaedf421f74f4948680669b1f20624783d02499f1d0b8d55712 2275 
openvpn_2.6.14-1+deb13u3.dsc
 7ecf77655c6e21033ac21110146d6fc1797dfc55ce428d0f054cde9ea04fc0cd 75792 
openvpn_2.6.14-1+deb13u3.debian.tar.xz
 9056fca45143f677e5be85521d575577df7839b8a08ad705fae2a6365bb353f5 7482 
openvpn_2.6.14-1+deb13u3_amd64.buildinfo
Files:
 adee06b30563b7698e3b1badc77905e0 2275 net optional openvpn_2.6.14-1+deb13u3.dsc
 d83502b4d078ec81c0cb18e7a8b52e9f 75792 net optional 
openvpn_2.6.14-1+deb13u3.debian.tar.xz
 e9413f7172b47342585193b5f8a4280b 7482 net optional 
openvpn_2.6.14-1+deb13u3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEE1uAexRal3873GVbTd1B55bhQvJMFAmpGiI0RHGJlcm5pQGRl
Ymlhbi5vcmcACgkQd1B55bhQvJNEpBAAkfMhn2y3ABy7MMYJw6D+fCT7XdoUAjFZ
ovWxT9tCud9Y5NpKO+MlFEbTBvtMvsluJxX2XssDkoc5VYMiL1r/pjtGYbKrhT4I
j5kek9+/9ePNy4blBtNn4IuWU2ZwN96Q6wemxN+cYLJVQKCEXmg8SPqz0pLZsxry
FVET+wBIL4f5fl3racHabELH2977IaX94G0/+sJwU4omt60PqrvjvdaeegVO20+Z
KwDEjY9e67LVViYSuhpPLhSLzEKaHi0x5/ysLdvDR+9iw04w5JrRe+Bt3bxaGknH
Jac1itXuPXe/9SfGD7xpH3z2akt7p14e1ZW54DMuf3kpPnDPUn09ICrowlW5wFye
5LN41HL5M970Uw5Y2TmGkSbQbTwHjUMD8VOT6Ghah02zklnNmd+IinZlqn9m97Sh
3oG6bi1nmw1vhGNiRSsqdD8FMuly1hgi+1UkhHXmkh0/KChIHxWQCAVQJDJa/p5R
wzfL1qGRH5iLbCHmgjEaHqBSURw4vanzmdqMp2w9msGWZe4QNSiL0fYGpkWd2Ou/
a2omDiFoNE79ROyyiz2HaDfRSZt+f6VwXx8GTd/IV3EMq/TZx8pq/I9/MhA4gcA9
HTfhB2wSL/3vrCVgjESAIoz5g4LHGSyBqTgAJJWqU6DOs0xFVv4GJO56Wb4LfGRY
q+ZkqcQC7Y0=
=/cOb
-----END PGP SIGNATURE-----

Attachment: pgppCeqAvovlz.pgp
Description: PGP signature

Reply via email to