This bug was fixed in the package openvpn - 2.6.12-0ubuntu0.24.04.1
---------------
openvpn (2.6.12-0ubuntu0.24.04.1) noble; urgency=medium
* New upstream release 2.6.12 (LP: #2073318):
- CVE Fixes:
+ CVE-2024-4877, CVE-2024-5594, CVE-2024-28882, CVE-2024-27459,
CVE-2024-24974, CVE-2024-27903
- Updates:
+ Allow trailing \r and \n in control channel message
+ Implement --server-poll-timeout on SOCKS proxies
+ Implement Windows CA template match for Crypto-API selector
+ Update sample configuration files
+ Update systemd unit file documentation references
- Bug Fixes Include:
+ Fix issue with proxy credentials caching
+ Fix LibreSSL crashing when enumerating digests/cipher with workaround
+ Use snprintf instead of sprintf for get_ssl_library_version
+ Fix disabling DCO when proxy is set via management interface
+ See https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn26 for
additional bug fixes and information
* Remove patches fixed upstream:
- d/p/systemd.patch
[Fixed in 2.6.10]
- d/p/CVE-2024-28882.patch
- d/p/CVE-2024-5594.patch
[Fixed in 2.6.11]
-- Lena Voytek <[email protected]> Tue, 17 Sep 2024 10:27:52
-0700
** Changed in: openvpn (Ubuntu Noble)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-28882
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-4877
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2073318
Title:
Backport of openvpn for jammy and noble
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/2073318/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
