[ubuntu/noble-updates] openvpn 2.6.19-0ubuntu0.24.04.1 (Accepted)

[Timo Aaltonen]

openvpn (2.6.19-0ubuntu0.24.04.1) noble; urgency=medium

  * New upstream version 2.6.19 (LP: #2127658):
    - CVE Fixes:
      + CVE-2025-13086
    - Updates:
      + Disable DCO if --bind-dev option is given
    - Bug Fixes:
      + Fix incorrect file descriptor handling in p2mp server on inotify FD
        during a SIGUSR1 restart.
      + Fix bug where --management-forget-disconnect and --management-signal
        could be executed even if password authentication to managment
        interface was still pending.
      + Repair client-side interaction on reconnect between DCO event handling
        and --persist-tun.
      + Prevent crash on invalid server-ipv6 argument.
      + Fix invalid pointer creation in tls_pre_decrypt().
      + Properly check for errors in creation on $auth_failed_reason_file.
      + Apply close-on-exec option to correct socket for incoming TCP
        connections.
      + Fix missing perf_pop() call in ssl_mbedtls.
      + Apply more checks to incoming TLS handshake packets before creating new
        state.
      + Fix broadcast address configuration for broadcast-based applications
        using ifconfig to get address.
    - See https://community.openvpn.net/ReleaseHistory for additional
      information.
  * Remove patches fixed upstream:
    - d/p/CVE-2025-13086.patch
    [Fixed in 2.6.16]
    - d/p/handle_intentional_route_push_float_ip.patch
    [Fixed in 2.6.15]
  * d/watch: Update download URL.

Date: 2026-02-24 17:49:10.725899+00:00
Changed-By: Lena Voytek <lena.voytek at canonical.com>
Signed-By: Timo Aaltonen <tjaalton at ubuntu.com>
https://launchpad.net/ubuntu/+source/openvpn/2.6.19-0ubuntu0.24.04.1
-------------- next part --------------
Sorry, changesfile not available.