[ubuntu/noble-security] openvpn 2.6.12-0ubuntu0.24.04.3 (Accepted)

[Marc Deslauriers]

openvpn (2.6.12-0ubuntu0.24.04.3) noble-security; urgency=medium

  * SECURITY UPDATE: denial of service issue
    - debian/patches/CVE-2025-2704.patch: allow tls-crypt-v2 to be setup
      only on initial packet of a session in src/openvpn/ssl.c,
      src/openvpn/ssl_common.h, src/openvpn/ssl_pkt.c,
      src/openvpn/ssl_pkt.h, src/openvpn/tls_crypt.c,
      src/openvpn/tls_crypt.h, tests/unit_tests/openvpn/test_tls_crypt.c.
    - CVE-2025-2704

openvpn (2.6.12-0ubuntu0.24.04.1) noble; urgency=medium

  * New upstream release 2.6.12 (LP: #2073318):
    - CVE Fixes:
      + CVE-2024-4877, CVE-2024-5594, CVE-2024-28882, CVE-2024-27459,
        CVE-2024-24974, CVE-2024-27903
    - Updates:
      + Allow trailing \r and \n in control channel message
      + Implement --server-poll-timeout on SOCKS proxies
      + Implement Windows CA template match for Crypto-API selector
      + Update sample configuration files
      + Update systemd unit file documentation references
    - Bug Fixes Include:
      + Fix issue with proxy credentials caching
      + Fix LibreSSL crashing when enumerating digests/cipher with workaround
      + Use snprintf instead of sprintf for get_ssl_library_version
      + Fix disabling DCO when proxy is set via management interface
      + See https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn26 for
        additional bug fixes and information
  * Remove patches fixed upstream:
    - d/p/systemd.patch
    [Fixed in 2.6.10]
    - d/p/CVE-2024-28882.patch
    - d/p/CVE-2024-5594.patch
    [Fixed in 2.6.11]

Date: 2025-04-02 13:58:14.927170+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/openvpn/2.6.12-0ubuntu0.24.04.3
-------------- next part --------------
Sorry, changesfile not available.