Ubuntu
openvpn package

openvpn 2.6.5-0ubuntu1.1 source package in Ubuntu

Changelog

openvpn (2.6.5-0ubuntu1.1) mantic-security; urgency=medium

  * SECURITY UPDATE: divide-by-zero via --fragment option
    - debian/patches/CVE-2023-46849.patch: remove saving initial frame code
      in src/openvpn/forward.c, src/openvpn/init.c, src/openvpn/openvpn.h.
    - CVE-2023-46849
  * SECURITY UPDATE: memory disclosure or code exec via use-after-free
    - debian/patches/CVE-2023-46850.patch: fix using to_link buffer after
      freed in src/openvpn/ssl.c.
    - CVE-2023-46850

 -- Marc Deslauriers <email address hidden>  Wed, 15 Nov 2023 13:12:32 -0500

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Mantic
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
net
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Mantic updates main net
Mantic security main net

Downloads

File Size SHA-256 Checksum
openvpn_2.6.5.orig.tar.gz 1.8 MiB e34efdb9a3789a760cfc91d57349dfb1e31da169c98c06cb490c6a8a015638e2
openvpn_2.6.5-0ubuntu1.1.debian.tar.xz 64.2 KiB 89b81b52bbbf71e26d99e4cf61181479d1b4b32a9ca924903820b8b8551b988a
openvpn_2.6.5-0ubuntu1.1.dsc 2.2 KiB e7e9eda47bba63405cae111838052d96b635bce8328041bf8645c54aa4acf10a

View changes file

Binary packages built by this source

openvpn: virtual private network daemon

 OpenVPN is an application to securely tunnel IP networks over a
 single UDP or TCP port. It can be used to access remote sites, make
 secure point-to-point connections, enhance wireless security, etc.
 .
 OpenVPN uses all of the encryption, authentication, and certification
 features provided by the OpenSSL library (any cipher, key size, or
 HMAC digest).
 .
 OpenVPN may use static, pre-shared keys or TLS-based dynamic key exchange. It
 also supports VPNs with dynamic endpoints (DHCP or dial-up clients), tunnels
 over NAT or connection-oriented stateful firewalls (such as Linux's iptables).

openvpn-dbgsym: debug symbols for openvpn