[ubuntu/noble-proposed] openvpn 2.6.19-0ubuntu0.24.04.1 (Accepted)

Lena Voytek lena.voytek at canonical.com
Wed Feb 25 21:05:40 UTC 2026 

openvpn (2.6.19-0ubuntu0.24.04.1) noble; urgency=medium

  * New upstream version 2.6.19 (LP: #2127658):
    - CVE Fixes:
      + CVE-2025-13086
    - Updates:
      + Disable DCO if --bind-dev option is given
    - Bug Fixes:
      + Fix incorrect file descriptor handling in p2mp server on inotify FD
        during a SIGUSR1 restart.
      + Fix bug where --management-forget-disconnect and --management-signal
        could be executed even if password authentication to managment
        interface was still pending.
      + Repair client-side interaction on reconnect between DCO event handling
        and --persist-tun.
      + Prevent crash on invalid server-ipv6 argument.
      + Fix invalid pointer creation in tls_pre_decrypt().
      + Properly check for errors in creation on $auth_failed_reason_file.
      + Apply close-on-exec option to correct socket for incoming TCP
        connections.
      + Fix missing perf_pop() call in ssl_mbedtls.
      + Apply more checks to incoming TLS handshake packets before creating new
        state.
      + Fix broadcast address configuration for broadcast-based applications
        using ifconfig to get address.
    - See https://community.openvpn.net/ReleaseHistory for additional
      information.
  * Remove patches fixed upstream:
    - d/p/CVE-2025-13086.patch
    [Fixed in 2.6.16]
    - d/p/handle_intentional_route_push_float_ip.patch
    [Fixed in 2.6.15]
  * d/watch: Update download URL.

Date: Fri, 20 Feb 2026 18:13:25 -0500
Changed-By: Lena Voytek <lena.voytek at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/openvpn/2.6.19-0ubuntu0.24.04.1
-------------- next part --------------
Format: 1.8
Date: Fri, 20 Feb 2026 18:13:25 -0500
Source: openvpn
Built-For-Profiles: noudeb
Architecture: source
Version: 2.6.19-0ubuntu0.24.04.1
Distribution: noble
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Lena Voytek <lena.voytek at canonical.com>
Launchpad-Bugs-Fixed: 2127658
Changes:
 openvpn (2.6.19-0ubuntu0.24.04.1) noble; urgency=medium
 .
   * New upstream version 2.6.19 (LP: #2127658):
     - CVE Fixes:
       + CVE-2025-13086
     - Updates:
       + Disable DCO if --bind-dev option is given
     - Bug Fixes:
       + Fix incorrect file descriptor handling in p2mp server on inotify FD
         during a SIGUSR1 restart.
       + Fix bug where --management-forget-disconnect and --management-signal
         could be executed even if password authentication to managment
         interface was still pending.
       + Repair client-side interaction on reconnect between DCO event handling
         and --persist-tun.
       + Prevent crash on invalid server-ipv6 argument.
       + Fix invalid pointer creation in tls_pre_decrypt().
       + Properly check for errors in creation on $auth_failed_reason_file.
       + Apply close-on-exec option to correct socket for incoming TCP
         connections.
       + Fix missing perf_pop() call in ssl_mbedtls.
       + Apply more checks to incoming TLS handshake packets before creating new
         state.
       + Fix broadcast address configuration for broadcast-based applications
         using ifconfig to get address.
     - See https://community.openvpn.net/ReleaseHistory for additional
       information.
   * Remove patches fixed upstream:
     - d/p/CVE-2025-13086.patch
     [Fixed in 2.6.16]
     - d/p/handle_intentional_route_push_float_ip.patch
     [Fixed in 2.6.15]
   * d/watch: Update download URL.
Checksums-Sha1:
 a4a47181c55ee8ac36cd395b8c2cbb340ffdc62b 2366 openvpn_2.6.19-0ubuntu0.24.04.1.dsc
 0a8f410dc42f54298c7a0bc5cacafba39bec11c6 1926557 openvpn_2.6.19.orig.tar.gz
 08d46cc872ac12e537da08194be7e6cf4e88cd29 65928 openvpn_2.6.19-0ubuntu0.24.04.1.debian.tar.xz
 06dae3ad6adead8d1c523c16369b9be597f1b613 8695 openvpn_2.6.19-0ubuntu0.24.04.1_source.buildinfo
Checksums-Sha256:
 70621969d30e772800246d772b36173137de0f69aff87ab542d36ae5f0edc1bc 2366 openvpn_2.6.19-0ubuntu0.24.04.1.dsc
 13702526f687c18b2540c1a3f2e189187baaa65211edcf7ff6772fa69f0536cf 1926557 openvpn_2.6.19.orig.tar.gz
 ce6179ece6c09d6923b6ca86608dc4c2bf5ac5c071acac6427b6cd9ab3774d68 65928 openvpn_2.6.19-0ubuntu0.24.04.1.debian.tar.xz
 5a043a7b9901304208541fac14e2e0716ca5f41ff363b34a81e2d59f84462ae5 8695 openvpn_2.6.19-0ubuntu0.24.04.1_source.buildinfo
Files:
 8d57fe25f3f24bd7f822b792d86f489a 2366 net optional openvpn_2.6.19-0ubuntu0.24.04.1.dsc
 ed2b0b0be35a0ff177f3b651eec8e773 1926557 net optional openvpn_2.6.19.orig.tar.gz
 5d02f049cda135bb1400a9837ff703f5 65928 net optional openvpn_2.6.19-0ubuntu0.24.04.1.debian.tar.xz
 be7f415f1d6fa0407b545158bf289903 8695 net optional openvpn_2.6.19-0ubuntu0.24.04.1_source.buildinfo
Original-Maintainer: Bernhard Schmidt <berni at debian.org>
Vcs-Git: https://git.launchpad.net/~lvoytek/ubuntu/+source/openvpn
Vcs-Git-Commit: 61756b9ffb3d8aea118be1244a4bd3ae09f4cfce
Vcs-Git-Ref: refs/heads/backport-2.6.19-noble

More information about the noble-changes mailing list