Alerts This Week
Warning Icon 1 941
Alerts This Week
Warning Icon 1 941

Debian LTS OpenVPN Critical DoS Race Condition Vulnerability DLA-4653-1

debian lts
Calendar Grey June 26, 2026
Dist Debian Esm H88
Two security flaws in OpenVPN lead to potential crashes and attacks. Upgrade recommended to protect systems.
Two security vulnerabilities were discovered in OpenVPN, a virtual private network application
Topics%20covered

Topics Covered

security advisory denial of service debian important authentication issue openvpn

Summary

CVE-2026-35058

Improper validation of packet length during tls-crypt-v2 key
extraction allows authenticated attackers to trigger a fatal
assertion and cause a denial of service via a specially crafted
packet.

CVE-2026-40215

A race condition allows remote attackers to potentially cause a server
crash or leak heap memory via a use-after-free triggered during TLS
session promotion.

For Debian 11 bullseye, these problems have been fixed in version
2.5.1-3+deb11u3.

We recommend that you upgrade your openvpn packages.

For the detailed security status of openvpn please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openvpn

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



Severity
important
Lowest
Low
Medium
High
Critical

Package: openvpn
Version: 2.5.1-3+deb11u3
CVE ID: CVE-2026-35058 CVE-2026-40215

Topics%20covered

Topics Covered

security advisory denial of service debian important authentication issue openvpn

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here