This bug was fixed in the package openvpn - 2.6.14-1ubuntu1
---------------
openvpn (2.6.14-1ubuntu1) questing; urgency=medium
* Merge from Debian Unstable (LP: #2110417). Remaining changes:
- d/control: Demote easy-rsa to Suggests (universe package).
- debian/[email protected]: Add '--script-security 2' similar to what
got added to debian/openvpn.init.d ages ago (LP #1454725)
- d/t/control: Move to isolation-container to enable armhf/LXD coverage.
(LP #2104146)
* Dropped Changes:
- SECURITY UPDATE: denial of service issue
+ debian/patches/CVE-2025-2704.patch: allow tls-crypt-v2 to be setup
only on initial packet of a session in src/openvpn/ssl.c,
src/openvpn/ssl_common.h, src/openvpn/ssl_pkt.c,
src/openvpn/ssl_pkt.h, src/openvpn/tls_crypt.c,
src/openvpn/tls_crypt.h, tests/unit_tests/openvpn/test_tls_crypt.c.
+ CVE-2025-2704
[ Fixed upstream in 2.6.14 ]
-- Lena Voytek <[email protected]> Wed, 21 May 2025 13:13:19
-0400
** Changed in: openvpn (Ubuntu)
Status: In Progress => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-2704
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2110417
Title:
Merge openvpn from Debian Unstable for questing
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/2110417/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
