[SECURITY] [DSA 6289-1] openvpn security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6289-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 21, 2026 https://www.debian.org/security/faq -...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : OpenVPN vulnerabilities (USN-8286-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8286-1 advisory. Guannan Wang, Zhanpeng Liu, Guancheng Li, and Emma Reuter discovered that OpenVPN incorrectly handled suitably malformed...

GO-2026-4963 openvpn-auth-oauth2 returns FUNC_SUCCESS on client-deny, allowing unauthenticated VPN access in github.com/jkroepke/openvpn-auth-oauth2

openvpn-auth-oauth2 returns FUNCSUCCESS on client-deny, allowing unauthenticated VPN access in github.com/jkroepke/openvpn-auth-oauth2...

USN-8286-1: OpenVPN vulnerabilities

Guannan Wang, Zhanpeng Liu, Guancheng Li, and Emma Reuter discovered that OpenVPN incorrectly handled suitably malformed packets with valid tls-crypt-v2 keys. An attacker could possibly use this issue to cause OpenVPN to crash, resulting in a denial of service. CVE-2026-35058 Guannan Wang, Zhanpe...

USN-8286-1 openvpn vulnerabilities

Guannan Wang, Zhanpeng Liu, Guancheng Li, and Emma Reuter discovered that OpenVPN incorrectly handled suitably malformed packets with valid tls-crypt-v2 keys. An attacker could possibly use this issue to cause OpenVPN to crash, resulting in a denial of service. CVE-2026-35058 Guannan Wang, Zhanpe...

Astra Linux - уязвимость в openvpn

A vulnerability was discovered in OpenVPN 2.4.x prior to version 2.4.9. An attacker can inject a data channel v2 PDATAV2 packet using the victim’s peer-id. Normally, such packets are discarded. However, if this packet arrives before the data channel crypto parameters have been initialized, the...

Astra Linux - уязвимость в openvpn

OpenVPN 2.1 up to v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plugins when more than one of them uses deferred authentication responses. This allows an external user to be granted access with only partially correct credentials...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ovpn: TCP – fix for extracting packets from the stream When processing TCP stream data in ovpntcprecv, we receive large cloned skbs from strprcv, which may contain multiple coalesced packets. The current implementation has two...

PT-2026-42367

openvpn-auth-oauth2 returns FUNC SUCCESS on client-deny, allowing unauthenticated VPN access in github.com/jkroepke/openvpn-auth-oauth2...

Linux Distros Unpatched Vulnerability : CVE-2026-41070

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - openvpn-auth-oauth2 is a plugin/management interface client for OpenVPN server to handle an OIDC based single sign-on SSO auth flows. From version 1.26.3 to...

Amazon Linux 2023 : openvpn, openvpn-devel (ALAS2023-2026-1644)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1644 advisory. According to upstream advisory https://community.openvpn.net/Security%20Announcements/CVE-2026-35058: OpenVPN server crash via ASSERT triggered by malformed tls-crypt-v2 packet; attacker with ...

Unity Linux 20.1070e Security Update: openvpn (UTSA-2026-017760)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017760 advisory. An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can inject a data channel v2 PDATAV2 packet using a victim's peer-id. Normally such packets are...

Unity Linux 20.1060e / 20.1070e Security Update: openvpn (UTSA-2026-017649)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017649 advisory. OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred...

MGASA-2026-0126 Updated openvpn packages fix security vulnerabilities

CVE-2026-35058 - fix server ASSERT on receiving a suitably malformed packet with a valid tls-crypt-v2 key CVE-2026-40215 - fix race condition in TLS handshake that could lead to leaking of packet data from a previous handshake under specific circumstances...

Updated openvpn packages fix security vulnerabilities

CVE-2026-35058 - fix server ASSERT on receiving a suitably malformed packet with a valid tls-crypt-v2 key CVE-2026-40215 - fix race condition in TLS handshake that could lead to leaking of packet data from a previous handshake under specific circumstances...

Unity Linux 20.1070e Security Update: openvpn (UTSA-2026-017373)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017373 advisory. OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred...

CVE-2026-41070

openvpn-auth-oauth2 is a plugin/management interface client for OpenVPN server to handle an OIDC based single sign-on SSO auth flows. From version 1.26.3 to before version 1.27.3, when openvpn-auth-oauth2 is deployed in the experimental plugin mode shared library loaded by OpenVPN via the plugin...

DEBIAN-CVE-2026-41070

openvpn-auth-oauth2 is a plugin/management interface client for OpenVPN server to handle an OIDC based single sign-on SSO auth flows. From version 1.26.3 to before version 1.27.3, when openvpn-auth-oauth2 is deployed in the experimental plugin mode shared library loaded by OpenVPN via the plugin...

CVE-2026-41070

openvpn-auth-oauth2 is a plugin/management interface client for OpenVPN server to handle an OIDC based single sign-on SSO auth flows. From version 1.26.3 to before version 1.27.3, when openvpn-auth-oauth2 is deployed in the experimental plugin mode shared library loaded by OpenVPN via the plugin...

UBUNTU-CVE-2026-41070

openvpn-auth-oauth2 is a plugin/management interface client for OpenVPN server to handle an OIDC based single sign-on SSO auth flows. From version 1.26.3 to before version 1.27.3, when openvpn-auth-oauth2 is deployed in the experimental plugin mode shared library loaded by OpenVPN via the plugin...