Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 78 articles for you...
172

Ubuntu 26.04 OpenVPN Critical Security Issues CVE-2026-11771

Several security issues were fixed in OpenVPN.. ========================================================================== Ubuntu Security Notice USN-8540-1 July 14, 2026 openvpn vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in OpenVPN. Software Description: - openvpn: virtual private network software Details: It was discovered that OpenVPN had a 1-byte buffer overrun when handling NTLMv2 proxy responses. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-11771) It was discovered that OpenVPN incorrectly handled metadata when extracting tls-crypt-v2 client keys. An attacker could possibly use this issue to obtain sensitive information. (CVE-2026-12932) It was discovered that OpenVPN had a use-after-free in the ack_write_buf handling. An attacker could use this issue to cause OpenVPN to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-12996) It was discovered that OpenVPN had a use-after-free in the tls_wrap_reneg handling. An attacker could use this issue to cause OpenVPN to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-13117) It was discovered that OpenVPN incorrectly validated authentication tokens when external authentication was enabled. A remote attacker could possibly use this issue to cause OpenVPN to crash, resulting in a denial of service. This issue only affected Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-13122) It was discovered that OpenVPN had a memory leak when handling tls-crypt-v2 client keys. A remote attacker with a valid tls-crypt-v2 client key could possibly use this issue to cause OpenVPN to consumeexcessive resources, leading to a denial of service. (CVE-2026-13698) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS openvpn 2.7.0-1ubuntu1.2 Ubuntu 24.04 LTS openvpn 2.6.19-0ubuntu0.24.04.3 Ubuntu 22.04 LTS openvpn 2.5.11-0ubuntu0.22.04.4 After a standard system update you need to restart OpenVPN to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8540-1 CVE-2026-11771, CVE-2026-12932, CVE-2026-12996, CVE-2026-13117, CVE-2026-13122, CVE-2026-13698 Package Information: https://launchpad.net/ubuntu/+source/openvpn/2.7.0-1ubuntu1.2 https://launchpad.net/ubuntu/+source/openvpn/2.6.19-0ubuntu0.24.04.3 https://launchpad.net/ubuntu/+source/openvpn/2.5.11-0ubuntu0.22.04.4 . OpenVPN fixes critical security issues in Ubuntu with potential code execution and denial of service risks. Prompt updates are advisable.. OpenVPN security update, Ubuntu vulnerability fix, critical advisory 2026, denial of service risk. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 14, 2026 Critical Ubuntu
197

Debian LTS OpenVPN Security Update Addresses Segmentation Fault Issue

A regression has been discovered in the latest release of openvpn 2.5.1-3+deb11u3. The fix adressing CVE-2026-40215 contained a bug which could lead to segmentation faults. Furthermore, the function backported for the fix has recently been disovered to be vulnerable to CVE-2026- 12996.. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4653-2 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Daniel Leidert July 06, 2026 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : openvpn Version : 2.5.1-3+deb11u4 CVE ID : CVE-2026-12996 Debian Bug : 1141326 A regression has been discovered in the latest release of openvpn 2.5.1-3+deb11u3. The fix adressing CVE-2026-40215 contained a bug which could lead to segmentation faults. Furthermore, the function backported for the fix has recently been disovered to be vulnerable to CVE-2026- 12996. For Debian 11 bullseye, these problems have been fixed in version 2.5.1-3+deb11u4. We recommend that you upgrade your openvpn packages. For the detailed security status of openvpn please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openvpn Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . A regression in openvpn update affects stability, exposing CVE-2026-12996. Upgrade to mitigate risks with Debian LTS.. openvpn bug fix, Debian LTS security, CVE-2026-12996, segmentation fault, Linux application security. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 05, 2026 Important Debian LTS
89

Fedora 43 OpenVPN Update to 2.6.21 Advisory FEDORA-2026-89f19dcfa6

Update to upstream 2.6.21 release. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-89f19dcfa6 2026-07-04 01:06:18.979287+00:00 -------------------------------------------------------------------------------- Name : openvpn Product : Fedora 43 Version : 2.6.21 Release : 1.fc43 URL : https://community.openvpn.net/ Summary : A full-featured TLS VPN solution Description : OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for compression. -------------------------------------------------------------------------------- Update Information: Update to upstream 2.6.21 release -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 1 2026 Frank Lichtenheld - 2.6.21-1 - Update to upstream OpenVPN 2.6.21 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-89f19dcfa6' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ ListGuidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Install OpenVPN update to 2.6.21 for Fedora 43 to enhance security and functionality of your VPN solutions.. OpenVPN Update, Fedora 43, TLS VPN Solution. . LinuxSecurity.com Team

Calendar%202 Jul 03, 2026 Fedora
89

Fedora 44 OpenVPN Important Security Update 2026-117dbc031b

Update to upstream 2.7.5 release. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-117dbc031b 2026-07-04 00:49:17.194881+00:00 -------------------------------------------------------------------------------- Name : openvpn Product : Fedora 44 Version : 2.7.5 Release : 1.fc44 URL : https://community.openvpn.net/ Summary : A full-featured TLS VPN solution Description : OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for compression. -------------------------------------------------------------------------------- Update Information: Update to upstream 2.7.5 release -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 1 2026 Frank Lichtenheld - 2.7.5-1 - Update to upstream 2.7.5 release * Fri Jun 12 2026 Yaakov Selkowitz - 2.7.4-2 - Rebuilt for openssl 4.0 * Thu Apr 30 2026 Frank Lichtenheld - 2.7.4 - Update to upstream 2.7.4 release -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-117dbc031b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send anemail to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Update to OpenVPN 2.7.5 to enhance security and features in Fedora 44. Install using the dnf update tool.. Fedora OpenVPN Update, TLS VPN, Fedora 44 Security Fix, OpenVPN Features. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 03, 2026 Important Fedora
197

Debian LTS OpenVPN DLA-4666-1 Critical Denial of Service Vulnerability Fix

Multiple security vulnerabilities were discovered in OpenVPN, which could result in denial of service. For Debian 12 bookworm, these problems have been fixed in version 2.6.14-0+deb12u2. We recommend that you upgrade your openvpn packages.. Debian LTS Advisory DLA-4666-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Utkarsh Gupta July 04, 2026 https://wiki.debian.org/LTS Package : openvpn Version : 2.6.14-0+deb12u2 CVE ID : CVE-2026-11771 CVE-2026-12932 CVE-2026-12996 CVE-2026-13117 CVE-2026-13122 CVE-2026-13698 Multiple security vulnerabilities were discovered in OpenVPN, which could result in denial of service. For Debian 12 bookworm, these problems have been fixed in version 2.6.14-0+deb12u2. We recommend that you upgrade your openvpn packages. For the detailed security status of openvpn please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openvpn Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Upgrade your OpenVPN packages now to fix critical denial of service issues for Debian 12 after multiple vulnerabilities.. OpenVPN upgrade, Debian 12 security, denial of service fix, open source vulnerabilities, security patching. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jul 03, 2026 Critical Debian LTS
87

Debian OpenVPN Key Denial of Service Advisory DSA-6376-1 CVE-2026-11771

Multiple security vulnerabilities were discovered in OpenVPN, which could result in denial of service. For the stable distribution (trixie), these problems have been fixed in version 2.6.14-1+deb13u3. We recommend that you upgrade your openvpn packages.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6376-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff July 03, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : openvpn CVE ID : CVE-2026-11771 CVE-2026-12932 CVE-2026-12996 CVE-2026-13117 CVE-2026-13122 CVE-2026-13698 Multiple security vulnerabilities were discovered in OpenVPN, which could result in denial of service. For the stable distribution (trixie), these problems have been fixed in version 2.6.14-1+deb13u3. We recommend that you upgrade your openvpn packages. For the detailed security status of openvpn please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openvpn Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Critical vulnerabilities discovered in OpenVPN cause denial of service; update to version 2.6.14-1+deb13u3 is recommended.. OpenVPN Security Issues, Debian Update Guide, Denial of Service Threat, Security Patch Recommendations. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 03, 2026 Important Debian
197

Debian LTS OpenVPN Critical DoS Race Condition Vulnerability DLA-4653-1

Two security vulnerabilities were discovered in OpenVPN, a virtual private network application. CVE-2026-35058 Improper validation of packet length during tls-crypt-v2 key extraction allows authenticated attackers to trigger a fatal. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4653-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Daniel Leidert June 27, 2026 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : openvpn Version : 2.5.1-3+deb11u3 CVE ID : CVE-2026-35058 CVE-2026-40215 Two security vulnerabilities were discovered in OpenVPN, a virtual private network application. CVE-2026-35058 Improper validation of packet length during tls-crypt-v2 key extraction allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet. CVE-2026-40215 A race condition allows remote attackers to potentially cause a server crash or leak heap memory via a use-after-free triggered during TLS session promotion. For Debian 11 bullseye, these problems have been fixed in version 2.5.1-3+deb11u3. We recommend that you upgrade your openvpn packages. For the detailed security status of openvpn please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openvpn Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Two security flaws in OpenVPN lead to potential crashes and attacks. Upgrade recommended to protect systems.. OpenVPN security update, Debian LTS vulnerabilities, denial of service issue. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 26, 2026 Important Debian LTS
87

Debian OpenVPN Significant Denial of Service Packet Exposure DSA-6289-1

Two security vulnerabilities were discovered in OpenVPN, which could result in denial of service or a leak of packet data from a previous handshake. For the oldstable distribution (bookworm), these problems have been fixed in version 2.6.14-0+deb12u1.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6289-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff May 21, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : openvpn CVE ID : CVE-2026-35058 CVE-2026-40215 Two security vulnerabilities were discovered in OpenVPN, which could result in denial of service or a leak of packet data from a previous handshake. For the oldstable distribution (bookworm), these problems have been fixed in version 2.6.14-0+deb12u1. For the stable distribution (trixie), these problems have been fixed in version 2.6.14-1+deb13u2. We recommend that you upgrade your openvpn packages. For the detailed security status of openvpn please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openvpn Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . OpenVPN on Debian fixed issues with denial of service and packet leak risks in version 2.6.14-0+deb12u1. Update now!. OpenVPN security, Debian updates, denial of service, security advisories, packet data leak. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 21, 2026 Important Debian
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200