The OpenVPN community project team is proud to release OpenVPN 2.6.17.
This is a bugfix release containing one security fix.
Security fixes:
* CVE-2025-13751: Windows/interactive service: fix erroneous exit on error that
could be
used by a local Windows users to achieve a local denial-of-service
Bug fixes:
* Windows/interactive service: improve service pipe robustness against
file access races (uuid) and access by unauthorized processes (ACL).
* upgrade bundled build instruction (vcpkg and patch) for pkcs11-helper
to 1.31, fixing a parser bug
Windows MSI changes since 2.6.16-I001:
* Built against OpenSSL 3.6.0
* Included openvpn-gui updated to 11.59.0.0
* Authorize config before opening the service pipe
* Remove dependence on pathcch.dll not in Windows 7
* Included win-dco driver updated to 2.8.0
More details can be found in the Changes document:
<https://github.com/OpenVPN/openvpn/blob/release/2.6/Changes.rst>
(The Changes document also contains a section with work-arounds for
common problems encountered when using OpenVPN with OpenSSL 3)
Source code and Windows installers can be downloaded from our download page:
<https://openvpn.net/community/>
Debian and Ubuntu packages are available in the official apt repositories:
<https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos#DebianUbuntu:UsingOpenVPNaptrepositories>
On Red Hat derivatives we recommend using the Fedora Copr repository.
<https://copr.fedorainfracloud.org/coprs/g/OpenVPN/openvpn-release-2.6/>
Kind regards,
Yuriy Darnobyt_______________________________________________
Openvpn-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-users
