** Description changed:

This bug tracks an update for the OpenVPN package, moving to versions:

* Plucky (25.04): OpenVPN 2.6.14
* Oracular (24.10): OpenVPN 2.6.14
* Noble (24.04): OpenVPN 2.6.14
* Jammy (22.04): OpenVPN 2.5.11

Note that openvpn does not have an accepted micro-release exception. However, the SRU team has agreed to consider further releases given a full knowledge and possible mitigation of backwards-incompatible changes. See https://lists.ubuntu.com/archives/ubuntu-release/2023-July/005688.html

[Upstream Changes]

+ 2.6.13-2.6.14
+
+ Updates:
+
+ Send uname() release from client to server as IV_PLAT_VER=
+ Pass --timeout=0 argument to systemd-ask-password, to avoid default timeout of 90 seconds
+
+ Bug Fixes:
+
+ Repair source IP selection for --multihome
+ Allow tls-crypt-v2 to be setup only on initial packet of a session to fix internal server error
+ Fix some missing spaces in messages
+ Fix parsing of usernames or passwords longer than USER_PASS_LEN on the server side to avoid IV variable misparsing and misleading errors
+ Purge proxy authentication credentials from memory after use (if --auth-nocache is in use)
+
+
+ CVE Fix - already available as patch:
+
+ CVE-2025-2704
+
+

[Test Plan]

DEP-8 Tests:

server-setup-with-ca - creates and tests an OpenVPN server setup with its own certificate authority
server-setup-with-static-key - creates and tests an OpenVPN server setup using a static key for authentication

[Regression Potential]

Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu-specific integrations.
+
+ Backwards-incompatible changes:
+
+ Refuse clients if username or password is longer than USER_PASS_LEN - https://github.com/OpenVPN/openvpn/commit/b98ff0e7c60c6592a2e8d2c80dfd5999e5d2e65b
+ Overly long usernames and/or passwords are now refused by the server which is backwards incompatible from previous versions when they were accepted.
However, when they were accepted, the rest of the packet was read improperly and would not work as intended, likely returning a misleading error.
--
https://bugs.launchpad.net/bugs/2040467

Title: MRE updates of openvpn for questing
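The backwards-incompatible change listed above (refusing credentials longer than USER_PASS_LEN instead of accepting them and misreading the rest of the packet) can be illustrated with a simplified model. This is an added example, not OpenVPN's code and not part of the bug report: the 16-bit length-prefixed field layout, the limit of 8, the sample peer-info string and every function name are assumptions made for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DEMO_USER_PASS_LEN 8 /* constructed limit, not OpenVPN's real value */
enum { PARSE_OK, PARSE_REFUSED, PARSE_MISPARSED };
struct cursor { const uint8_t *p; size_t left; };

/* Read one field (assumed layout: 16-bit big-endian length, then bytes).
 * An oversized field consumes only its 2-byte prefix; the payload stays. */
static int read_field(struct cursor *c, char *out, size_t cap) {
    if (c->left < 2) return 0;
    size_t len = ((size_t)c->p[0] << 8) | c->p[1];
    c->p += 2; c->left -= 2;
    if (len >= cap || len > c->left) return 0;
    memcpy(out, c->p, len);
    out[len] = '\0';
    c->p += len; c->left -= len;
    return 1;
}

/* strict=0: a failed credential read is ignored (lenient behaviour).
 * strict=1: the client is refused as soon as a credential does not fit. */
static int parse_auth(const uint8_t *pkt, size_t n, int strict) {
    struct cursor c = { pkt, n };
    char user[DEMO_USER_PASS_LEN], pass[DEMO_USER_PASS_LEN], info[64];
    int ok = read_field(&c, user, sizeof user);
    ok = read_field(&c, pass, sizeof pass) && ok;
    if (strict && !ok) return PARSE_REFUSED;
    /* Lenient path: the cursor now points into the leftover username. */
    if (!read_field(&c, info, sizeof info)) return PARSE_MISPARSED;
    return strncmp(info, "IV_", 3) == 0 ? PARSE_OK : PARSE_MISPARSED;
}

static size_t put_field(uint8_t *dst, const char *s) {
    size_t len = strlen(s);
    dst[0] = (uint8_t)(len >> 8); dst[1] = (uint8_t)len;
    memcpy(dst + 2, s, len);
    return len + 2;
}

/* Constructed sample packet: user | "pw" | peer info. */
int demo(const char *user, int strict) {
    uint8_t pkt[256]; size_t n = put_field(pkt, user);
    n += put_field(pkt + n, "pw");
    n += put_field(pkt + n, "IV_PLAT_VER=6.8");
    return parse_auth(pkt, n, strict);
}

int main(void) { printf("%d %d\n", demo("AAAAAAAAAAAA", 0), demo("AAAAAAAAAAAA", 1)); return 0; }
```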