As part of the 2.7.5 and 2.6.21 security releases the OpenVPN community project 
team
also decided to release backports of several of the fixes to the OpenVPN 2.5 
code base.

Since 2.5 is not officially supported anymore, there will be no official 
release and
no preparation of source archives or builds of Windows installers. However, the 
fixes
are available in the Git repositories in the release/2.5 branch for people that
still produce releases based on 2.5 (e.g. long-term supported Linux distros).

The fixes backported are:

* Clean up metadata handling in tls_crypt_v2_extract_client_key.
  An attacker could repeatedly trigger a memory leak on servers that
  use tls-crypt-v2 and cause the server to crash. (CVE-2026-12932)
* Ensure tls-crypt keys are not setup twice.  An attacker with a valid
  tls-crypt-v2 client key could repeatedly trigger a memory leak on
  the server and cause it to crash. (CVE-2026-13698)
* Fix ack_write_buf use after free.  A race-condition could trigger an
  use-after-free error. (CVE-2026-12996)
* fix server ASSERT() on receiving a suitably malformed packet with
  a valid tls-crypt-v2 key (CVE-2026-35058)
  Bug found by XlabAI Team of Tencent Xuanwu Lab ([email protected]),
   and independently by Emma Reuter of Cisco ASIG (TALOS-2026-2381).
  (backported from 2.7.2)
* fix race condition in TLS handshake that could lead to leaking of
  packet data from a previous handshake under specific circumstances
  (CVE-2026-40215)
  Bug found by XlabAI Team of Tencent Xuanwu Lab ([email protected]).
  (backported from 2.7.2)

The OpenVPN support policy is documented at

<https://community.openvpn.net/Pages/Supported%20versions>

Kind regards,
-- 
  Frank Lichtenheld


_______________________________________________
Openvpn-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Reply via email to