[ubuntu/questing-updates] openvpn 2.6.19-0ubuntu0.25.10.2 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Wed May 20 14:05:54 UTC 2026
openvpn (2.6.19-0ubuntu0.25.10.2) questing-security; urgency=medium
* SECURITY UPDATE: server ASSERT() via malformed packet
- debian/patches/CVE-2026-35058.patch: avoid interpreting opcode as
part of WKc in src/openvpn/tls_crypt.c,
tests/unit_tests/openvpn/test_tls_crypt.c.
- CVE-2026-35058
* SECURITY UPDATE: race condition in TLS handshake
- debian/patches/CVE-2026-40215.patch: ensure that buffer of freed
session are not used in src/openvpn/ssl.c.
- CVE-2026-40215
Date: 2026-04-23 13:38:11.049554+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/openvpn/2.6.19-0ubuntu0.25.10.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Questing-changes
mailing list