This bug was fixed in the package openvpn - 2.6.19-0ubuntu0.24.04.1
---------------
openvpn (2.6.19-0ubuntu0.24.04.1) noble; urgency=medium
* New upstream version 2.6.19 (LP: #2127658):
- CVE Fixes:
+ CVE-2025-13086
- Updates:
+ Disable DCO if --bind-dev option is given
- Bug Fixes:
+ Fix incorrect file descriptor handling in p2mp server on inotify FD
during a SIGUSR1 restart.
+ Fix bug where --management-forget-disconnect and --management-signal
could be executed even if password authentication to managment
interface was still pending.
+ Repair client-side interaction on reconnect between DCO event handling
and --persist-tun.
+ Prevent crash on invalid server-ipv6 argument.
+ Fix invalid pointer creation in tls_pre_decrypt().
+ Properly check for errors in creation on $auth_failed_reason_file.
+ Apply close-on-exec option to correct socket for incoming TCP
connections.
+ Fix missing perf_pop() call in ssl_mbedtls.
+ Apply more checks to incoming TLS handshake packets before creating new
state.
+ Fix broadcast address configuration for broadcast-based applications
using ifconfig to get address.
- See https://community.openvpn.net/ReleaseHistory for additional
information.
* Remove patches fixed upstream:
- d/p/CVE-2025-13086.patch
[Fixed in 2.6.16]
- d/p/handle_intentional_route_push_float_ip.patch
[Fixed in 2.6.15]
* d/watch: Update download URL.
-- Lena Voytek <[email protected]> Fri, 20 Feb 2026 18:13:25
-0500
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2127658
Title:
Backport of openvpn for noble and questing
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/2127658/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
