-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 01 Jul 2026 22:20:55 +0200 Source: openvpn Binary: openvpn openvpn-dbgsym Architecture: arm64 Version: 2.6.14-0+deb12u2 Distribution: bookworm-security Urgency: high Maintainer: arm64 Build Daemon (arm-conova-03) Changed-By: Bernhard Schmidt Description: openvpn - virtual private network daemon Changes: openvpn (2.6.14-0+deb12u2) bookworm-security; urgency=high . * Cherry-pick upstream security patches from the 2.6.21 release - CVE-2026-12996: Fix use-after-free bug in ack_write_buf(), triggerable by a well-timed sequence of control channel + authentication packets - CVE-2026-13117: Fix use-after-free bug in tls_wrap_reneg(), triggerable by suitable sequence of dynamic tls-crypt control-channel packets - CVE-2026-13122: Fix server crash on reception of suitably malformed auth-token, if --auth-gen-token external-auth is active - CVE-2026-12932: Fix memory-leak in tls-crypt-v2 client key handling that could lead to out-of-memory situations and subsequent server crashes - CVE-2026-11771: Fix possible 1-byte buffer overrun on NTLMv2 proxy responses. - CVE-2026-13698: Fix another memory leak on reception of suitable tls-crypt-v2 packets that could lead to an out of memory situation and server crash Checksums-Sha1: 51a28ecfc8d8aa49e3fbc11af07df48898263e9d 1246824 openvpn-dbgsym_2.6.14-0+deb12u2_arm64.deb ecc72b58a35e87b35313a1358215c559b247eacb 7870 openvpn_2.6.14-0+deb12u2_arm64-buildd.buildinfo 191a58dcfaef6c90c57881280cb6884dbeba40ad 629980 openvpn_2.6.14-0+deb12u2_arm64.deb Checksums-Sha256: f3d98e075bd0f3be985f393db25557c651867179e177f5b793a414067988ac45 1246824 openvpn-dbgsym_2.6.14-0+deb12u2_arm64.deb 0c3e1f7363da0484b67b35855859f1f3506a7e33192482c11550dfeffb1747b8 7870 openvpn_2.6.14-0+deb12u2_arm64-buildd.buildinfo faecf91cfc319c1e3299266dc3cb9531ce33909cb3723431565011791df78c4e 629980 openvpn_2.6.14-0+deb12u2_arm64.deb Files: 5092f2114b223155983335a52f5f619c 1246824 debug optional openvpn-dbgsym_2.6.14-0+deb12u2_arm64.deb 5add8b875a5e20eb78d85122bee3c2e0 7870 net optional openvpn_2.6.14-0+deb12u2_arm64-buildd.buildinfo d68159f1746d24e6529c3b834bb61437 629980 net optional openvpn_2.6.14-0+deb12u2_arm64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEElFiH1oZRZh1t4FSiXVp1sEH/1mIFAmpG5o4ACgkQXVp1sEH/ 1mLZVw//Xk/EsswvpkYu/BB58TyYuKWyT1zGl8oEBxz55Ygp6hfPWJMgp1XdQ1OC rB2oThSxurn15cyIJXCJEgzKjwKXRNliq/WsdetG0vRBtljFOqpZeSxDCFJ+oEDB 0lLRhlP8K8mYNIYjSLfLX8iidOinsPkXn0Sukh7O36WlvXJIfu7xczdLtj0ol6ws Uj2N5E1AT9eUx5FHAhKbUKZAijFYn430hNzkNvedRG1fXuXFFduAE1HWOTmypXe2 T/ZD0ECPvzd4/cwX3WL3ONy2xrv6OQR43AtoFv16hTxujCeHNq07k2CWQwIRLNi3 +3eCX0DuIqDMyhEavw0bJELpDlDjosjjaYjGAlOZpHGTvBI00oZDgstnHX4SSUP4 E8TGYm1LEVzOwPOgMhsVFRWVUIpB6ScSl7HNtjt/4P50uqLxCjZrBugnAgBJtUa6 /GK6gyySxcu2ZqMAT2Y4lPmjlatB8tlTWfI4eNRBnhNV3M6rh2OFJIOAct8aJ/Py 9BN/Ov3ebFp1t6cahIJeE/anaNckWp7P64JuZpJ/T1/emQJHNmKQ5IxYYqJgudd+ pQkaPJmfVuGLfC+avefEHvGH+7GnKTAKR681HxIjtqRbw9aACwe3Xw4EwpUQ2rIe YC4vx4LaE3tL+IPNaF7I37hXAhSUSqJblwz/mm6TW+4baMtY0kw= =HUmw -----END PGP SIGNATURE-----