This bug was fixed in the package openvpn - 2.6.14-0ubuntu0.24.04.1
---------------
openvpn (2.6.14-0ubuntu0.24.04.1) noble; urgency=medium

  * New upstream version 2.6.14 (LP: #2040467):
    - CVE Fixes:
      + CVE-2025-2704
    - Updates:
      + Send uname() release from client to server as IV_PLAT_VER.
      + Pass --timeout=0 argument to systemd-ask-password, to avoid default
        timeout of 90 seconds.
    - Bug Fixes:
      + Repair source IP selection for --multihome.
      + Allow tls-crypt-v2 to be setup only on initial packet of a session.
      + Fix some missing spaces in messages.
      + Fix parsing of usernames or passwords longer than USER_PASS_LEN on the
        server side to avoid IV variable misparsing and misleading errors.
      + Purge proxy authentication credentials from memory after use (if
        --auth-nocache is in use).
    - See https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn26 for
      additional bug fixes and information.
  * Remove patches fixed upstream:
    - d/p/CVE-2025-2704.patch
      [Fixed in 2.6.14]
  * d/t/control: Move to isolation-container to enable armhf/LXD coverage (LP
    2104146).

 -- Lena Voytek <[email protected]>  Fri, 30 May 2025 11:24:52 -0400

** Changed in: openvpn (Ubuntu Noble)
Status: Fix Committed => Fix Released
--
https://bugs.launchpad.net/bugs/2040467
Title:
Backport upstream microreleases for questing cycle