-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6069-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 03, 2025 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : openvpn CVE ID : CVE-2025-13086 Debian Bug : 1121086 It was discovered that openvpn, a virtual private network application, does not properly handle HMAC verification checks. A remote attacker can take advantage of this flaw to bypass source IP address validation. For the oldstable distribution (bookworm), this problem has been fixed in version 2.6.3-1+deb12u4. For the stable distribution (trixie), this problem has been fixed in version 2.6.14-1+deb13u1. We recommend that you upgrade your openvpn packages. For the detailed security status of openvpn please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openvpn Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: [email protected] -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmkwq+NfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RbSg/+LTvErj/8y7CUyE71Y59NeE/mDnoShDIQqadNvvTjyE2bU3Jp/3MOXbqi JJC89CKupK/BXwMYIRyDAdR4MrN5k3P69/a/ufjEi7kJY5AOMuHG+g68s48BpU1N BW4dpgYMRPBCunKTrYM5vWMypIne9Vd4qx95lLk3dcZuMfVjPlcGdBxCqJXX1hUc KGnPpY98Cz56iwIAecM6cCnYeOpXkQF/64xiGjQEzPS7YL2Lla9HsKW4joHoJ50f 0GS8penQKyaYOh3QAP7e+KcFVQg7dbaQSDIH4NLYZB+wvGRsf1bx40snSKogRmX3 IacxzyE9+tLx021VrTZljwbZd0VAUWoLTKItgyVJCDfxrn9StCacY1uBmH+5Rac6 RBD6hKlUWNvWjijq1kmBcqR2ujgGJnTw0cHZSvA03BdV102yA9aNXVb5BK15nf7Z 5AuNzIvjLdrmQ9kwaOlogHv+zDxGPVPcXNVg9YjemIWAIM7HAgDAKhfic9Ok3vK7 DM+g1ASzuaadZfSQ1uFXJXbXiy2RXHWLYyZ3vIHKXaWje0oY92GcDx9/jyfl/mJR knLzEqpTBS33aWrbopRH0jxQcDmX5TPn1JJApTTKaSWeYNxjC2Sw9CBpFkYFFBmj 4M5+Zci2Jb1frbMbhkoJDmP5+JATvKyI62a1VC+HSlioKTHtsxE= =I1La -----END PGP SIGNATURE-----
