Explore top 10 tips to secure your open-source projects now. Read More
×
Several security issues were fixed in OpenVPN.
Software Description:
- openvpn: virtual private network software
Details:
It was discovered that OpenVPN had a 1-byte buffer overrun when handling
NTLMv2 proxy responses. An attacker could use this issue to cause a denial
of service or possibly execute arbitrary code. This issue only affected
Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-11771)
It was discovered that OpenVPN incorrectly handled metadata when extracting
tls-crypt-v2 client keys. An attacker could possibly use this issue to
obtain sensitive information. (CVE-2026-12932)
It was discovered that OpenVPN had a use-after-free in the ack_write_buf
handling. An attacker could use this issue to cause OpenVPN to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2026-12996)
It was discovered that OpenVPN had a use-after-free in the tls_wrap_reneg
handling. An attacker could use this issue to cause OpenVPN to crash,
resulting in a denial of...
The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS openvpn 2.7.0-1ubuntu1.2 Ubuntu 24.04 LTS openvpn 2.6.19-0ubuntu0.24.04.3 Ubuntu 22.04 LTS openvpn 2.5.11-0ubuntu0.22.04.4 After a standard system update you need to restart OpenVPN to make all the necessary changes.
https://ubuntu.com/security/notices/USN-8540-1
CVE-2026-11771, CVE-2026-12932, CVE-2026-12996, CVE-2026-13117,
CVE-2026-13122, CVE-2026-13698
Get the latest Linux and open source security news straight to your inbox.