-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 01 Jul 2026 22:20:55 +0200 Source: openvpn Binary: openvpn openvpn-dbgsym Architecture: amd64 Version: 2.6.14-0+deb12u2 Distribution: bookworm-security Urgency: high Maintainer: amd64 / i386 Build Daemon (x86-ubc-01) Changed-By: Bernhard Schmidt Description: openvpn - virtual private network daemon Changes: openvpn (2.6.14-0+deb12u2) bookworm-security; urgency=high . * Cherry-pick upstream security patches from the 2.6.21 release - CVE-2026-12996: Fix use-after-free bug in ack_write_buf(), triggerable by a well-timed sequence of control channel + authentication packets - CVE-2026-13117: Fix use-after-free bug in tls_wrap_reneg(), triggerable by suitable sequence of dynamic tls-crypt control-channel packets - CVE-2026-13122: Fix server crash on reception of suitably malformed auth-token, if --auth-gen-token external-auth is active - CVE-2026-12932: Fix memory-leak in tls-crypt-v2 client key handling that could lead to out-of-memory situations and subsequent server crashes - CVE-2026-11771: Fix possible 1-byte buffer overrun on NTLMv2 proxy responses. - CVE-2026-13698: Fix another memory leak on reception of suitable tls-crypt-v2 packets that could lead to an out of memory situation and server crash Checksums-Sha1: 9101bf3993fb5e7fe5f221bd79a279a141774051 1265276 openvpn-dbgsym_2.6.14-0+deb12u2_amd64.deb a521c72c8bcdb7651f8cfdb44d8d5a5a294e528e 7855 openvpn_2.6.14-0+deb12u2_amd64-buildd.buildinfo 4c723a65de5860a0a26d1a97077d887789264c78 664096 openvpn_2.6.14-0+deb12u2_amd64.deb Checksums-Sha256: 1e13e5ad2020979083c6d3716ad595aaf5fb96c357570d4bd7644fcb4e64f81c 1265276 openvpn-dbgsym_2.6.14-0+deb12u2_amd64.deb ef500e95e5e56cd4e958adc1b12da8cd51b1ec3a6e439dbfc3b9980035a203ce 7855 openvpn_2.6.14-0+deb12u2_amd64-buildd.buildinfo 6f25a47c80cd4707bd4245e42c97c8a612dc9e5dc92a7e1b1d6ea1b9e2ef956a 664096 openvpn_2.6.14-0+deb12u2_amd64.deb Files: 2fb59556abbf04b8dfb3083c879f0660 1265276 debug optional openvpn-dbgsym_2.6.14-0+deb12u2_amd64.deb d250ec21ecac8654b15f7ff029b58747 7855 net optional openvpn_2.6.14-0+deb12u2_amd64-buildd.buildinfo 4ed9fbcfdd8053fb9058f9111da5bd24 664096 net optional openvpn_2.6.14-0+deb12u2_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEmtr4KUMaso2EQ6NrTwt/65ON6zcFAmpG5pcACgkQTwt/65ON 6zdrwg//UAz64Mg1sas3UjjxMdJbKVktilJXOeq2aayRV7KBntMmLau3xg8mOoko LIFZPsWXimkDWSU8J/bjoqa+j0iqEa3L4cacXeAOTp45UoCYHL+oa7x4s+dGVtp2 bSnxU5phX2pyuieueSMgXiGgEV87vmae+V5jWCassL7hUTaUOIRPHS7wu+I6AVFD VexYAlrvjdXvQXqVmczkx7SYtuwADa1BKdUH5cqBHrprEWl6QwkNoeCjUiwXoqoa 5Q1lueWEpjUJ/oYdWqwpxilmXu+sHcXCc78hF91mFrL7FALHJnzXfBE25x1xV16V oEElfpqz6iMGsl5NQK5BPBteIQIJqakNwPXrr5QxNkLTdeZvcrRnCCsyWPTbhRcQ yoTvpgg2dvoCByEMpb16aTqIND/hcPohIENR1BfhBVOtfGySEX4Yuefwc5DF4jy0 GoEnv2wof2xtCTQXLN/VWF5+Co7RjLkh8gJ+n+yohRewqD3mHMQC4bXMJtQyeiNp 3S/E5nBzSvMF0SfE5VQcJ4z6Rni5BcaBkXBCbL5Fw/lDVBg+HUO9WBb7qHGeL0Ci k9P6t4Hi62c3qK1V2ovSoK8JIOpBleLxKVL0N0RLOpxg3RuPBQUsDdM4VTSanYP9 P9hq4yCxkVbbcSxha8Pjn4oQXb9lsJSjqEMntrzsHT/Hc4hEML8= =xSDU -----END PGP SIGNATURE-----