-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 01 Jul 2026 22:20:55 +0200 Source: openvpn Binary: openvpn openvpn-dbgsym Architecture: s390x Version: 2.6.14-0+deb12u2 Distribution: bookworm-security Urgency: high Maintainer: s390x Build Daemon (zani) Changed-By: Bernhard Schmidt Description: openvpn - virtual private network daemon Changes: openvpn (2.6.14-0+deb12u2) bookworm-security; urgency=high . * Cherry-pick upstream security patches from the 2.6.21 release - CVE-2026-12996: Fix use-after-free bug in ack_write_buf(), triggerable by a well-timed sequence of control channel + authentication packets - CVE-2026-13117: Fix use-after-free bug in tls_wrap_reneg(), triggerable by suitable sequence of dynamic tls-crypt control-channel packets - CVE-2026-13122: Fix server crash on reception of suitably malformed auth-token, if --auth-gen-token external-auth is active - CVE-2026-12932: Fix memory-leak in tls-crypt-v2 client key handling that could lead to out-of-memory situations and subsequent server crashes - CVE-2026-11771: Fix possible 1-byte buffer overrun on NTLMv2 proxy responses. - CVE-2026-13698: Fix another memory leak on reception of suitable tls-crypt-v2 packets that could lead to an out of memory situation and server crash Checksums-Sha1: 6e508160f2cd80dac73948a70276b652aa0c4fe1 1239572 openvpn-dbgsym_2.6.14-0+deb12u2_s390x.deb 2f0186edaaed291d33c458c7e25378a8d3d8d6f0 7742 openvpn_2.6.14-0+deb12u2_s390x-buildd.buildinfo 2eaa4b7dd27ddb5e836e908b8deeba0aede6543c 616756 openvpn_2.6.14-0+deb12u2_s390x.deb Checksums-Sha256: 668b17bd725d3a5490aa87a4a54d92c16a0621bdb41ac1c1e8005353ce2a6998 1239572 openvpn-dbgsym_2.6.14-0+deb12u2_s390x.deb a5ab8c635cdea85d2475de3383f35c6fd9499e139dec2449150ccabfe470acf8 7742 openvpn_2.6.14-0+deb12u2_s390x-buildd.buildinfo fc934758d79b40463d0e8dfc99eb4745341add19f8831602e8ded07220a03531 616756 openvpn_2.6.14-0+deb12u2_s390x.deb Files: 5d4618421752d103ae83236f1c34fc9b 1239572 debug optional openvpn-dbgsym_2.6.14-0+deb12u2_s390x.deb 4f440adf7c9dc162cf36d1ffc73c5743 7742 net optional openvpn_2.6.14-0+deb12u2_s390x-buildd.buildinfo fdc0cd817d20800141de47c774b5ca09 616756 net optional openvpn_2.6.14-0+deb12u2_s390x.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEgh4msZ+e2PZfd5KckaCrxAR3BY0FAmpG5o4ACgkQkaCrxAR3 BY0xKg//VdvXNt+VP1ZRGORpQhtApi681NvQIGFJUQh5eUhLnTdI+Ps/FTywWSRu qCVFSSzB9Anc7DNRzXBNKPjRXtW4sfFyPkFqi1Ypd9o5/cTB6TI8zqXa8NDWBSYi SY7tdcvQMe+bTmkJcVmXf2uMeWW2WiRVtD0HZDVbA1Coi7nbwYuzWfVt9h7/6XJF K01gPN562h2GoDOQs3xSEh39hka5j1zNmrDpGLiY2QKgXy2OxqusePe1J3mLOiND cF3UEgRhMricBN+XADq0fe7OK9ygab24eSLoM/k5p+iemOKKQ0vOWPlUBdO5EmGF QW1ABx4GTU1Y99vdqtdj9j9s2AuNqyq+DF4qGBCtmRwG6Npu5CtxFdEyosEWZjML 3HDdsP/7xZPWo0ZP7jyJcAT2Bp02UV1vdsNKJsnQ4v2paGII5e+rHo3AsY9gDz+c J0WIFta8spSmv7+NOgUQBmIBCaomchhNYS6ofeDLdy/l9FwBh5EdR8X4j/Izzrcd +0+4xIJi9vmXIkYyZ26UTnVdOm7dmcCxK9tB4Vymm069NwEW1vAhmTpYSkov6vRr dAzaRu2d25d8IGKKvPwS/D7UB264GXDb5IKV/Bnzpab6CvcZbduMHCfDXfKpNU/+ wa/xET59xI/7ZRxieNWTfW/CNmCchE8HEG1dQLqR1ADG0e4O5LE= =zpqr -----END PGP SIGNATURE-----