-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 01 Jul 2026 22:20:55 +0200 Source: openvpn Binary: openvpn openvpn-dbgsym Architecture: i386 Version: 2.6.14-0+deb12u2 Distribution: bookworm-security Urgency: high Maintainer: i386 Build Daemon (x86-grnet-01) Changed-By: Bernhard Schmidt Description: openvpn - virtual private network daemon Changes: openvpn (2.6.14-0+deb12u2) bookworm-security; urgency=high . * Cherry-pick upstream security patches from the 2.6.21 release - CVE-2026-12996: Fix use-after-free bug in ack_write_buf(), triggerable by a well-timed sequence of control channel + authentication packets - CVE-2026-13117: Fix use-after-free bug in tls_wrap_reneg(), triggerable by suitable sequence of dynamic tls-crypt control-channel packets - CVE-2026-13122: Fix server crash on reception of suitably malformed auth-token, if --auth-gen-token external-auth is active - CVE-2026-12932: Fix memory-leak in tls-crypt-v2 client key handling that could lead to out-of-memory situations and subsequent server crashes - CVE-2026-11771: Fix possible 1-byte buffer overrun on NTLMv2 proxy responses. - CVE-2026-13698: Fix another memory leak on reception of suitable tls-crypt-v2 packets that could lead to an out of memory situation and server crash Checksums-Sha1: ffcf7156298d257dad207ebb44dcf0aa57a3fd0e 1126288 openvpn-dbgsym_2.6.14-0+deb12u2_i386.deb bdcc0ec1da8adf41faf225953126a9a59d46642e 7795 openvpn_2.6.14-0+deb12u2_i386-buildd.buildinfo 0a72e25e848ba5c08853cb7f301df0a3e25d22cd 702268 openvpn_2.6.14-0+deb12u2_i386.deb Checksums-Sha256: 4caf833053af5977ae5ee1a90aef2495bb34e49cda01b90a38edca8166d4b567 1126288 openvpn-dbgsym_2.6.14-0+deb12u2_i386.deb ea32749fdc66a0b0da57be02924924031ea74d256bdc040d7ee7d2fa3ea3921c 7795 openvpn_2.6.14-0+deb12u2_i386-buildd.buildinfo dda248b02b7f31e052802bb5279a608bea40a1a3c8e9567a7556e8d14c8a207f 702268 openvpn_2.6.14-0+deb12u2_i386.deb Files: 1c684e1bedb6c7e559bd7e83e98ece3b 1126288 debug optional openvpn-dbgsym_2.6.14-0+deb12u2_i386.deb f3e357a6ed2569b7ec2b90e8bb0db61f 7795 net optional openvpn_2.6.14-0+deb12u2_i386-buildd.buildinfo 974ff2575b6bbd0702138501ef7d02ae 702268 net optional openvpn_2.6.14-0+deb12u2_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEPAUaMA0H0rOy6qBWf2INRiCdaWIFAmpG5sIACgkQf2INRiCd aWKEZg/8CmFjyS7yWaSX8sm7VjHHuXBIS1fKTKl5E01aSsenOvRru1UeSMQmERrX bZl9fIfzOPxOciDkVApb3ZArY7wMORX9PHErnHjbN3snjZvDpejBZG7cO59aNG/J JpOvZR5U9yuOLFVerlrNt8j7WIyijSiXVZjEpevrFawU8mk5yTJoZUEOfMb8s5UZ AvpuycC+0kOKRjIPzkEKJH6+8CEuPjstkQ2YfnK5HhID+3isr7IPJS08B2N5ngs1 vfK6UaTfah9qU4aAeUKmlxRA/lCVbAZyk9n7V8QEPleVDht8pjdqbVo3RIiRQbi+ qX1uYFqdEu1vb3lqR8hffENZ+PmyLvVTcNWI013OZDsvC65Ii7ny7BssNw24P8Ef jKkOedvsmuzRTZuU4M4JnRpv8e7hiCj/16+y3KnIF66ie9iJrhL3ET3wCs9IKOyt JvF5uy2ZUnTKWRq+AcpfWSFXJ2w7zGvCum8u3lQYdhq8N+thV9l/N931AOxUis55 YnBsIVyCNp5YiV07i+T9tm8JkGBSaQbAeDVPhrex9HFpOqQqYwHIsN71EtjCq99O GkYWcXc5BL8WQS6zd5ojE0Y8am70uE/ufyxCH2TXWOTbo/guJTBVBpMxZUa8KYM4 +nLDmHrE1oa4XQcEaMh0EjJ4o2D8vslt4KU2mXBCmI60Ut/rEUI= =KTXo -----END PGP SIGNATURE-----