SUSE SLES16 Security Update : openvpn (SUSE-SU-2026:20196-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:20196-1 advisory. - CVE-2025-13086: Fixed improper validation of source IP addresses in OpenVPN that could lead to DoS bsc1254486. Tenable has extracted the...

Security update for openvpn (important)

openSUSE security update: security update for openvpn ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20137-1 Rating: important References: bsc1254486 Cross-References: CVE-2025-13086 CVSS scores: CVE-2025-13086 SUSE : 7.5...

OPENSUSE-SU-2026:20137-1 Security update for openvpn

This update for openvpn fixes the following issues: - CVE-2025-13086: Fixed improper validation of source IP addresses in OpenVPN that could lead to DoS bsc1254486...

SUSE-SU-2026:20196-1 Security update for openvpn

This update for openvpn fixes the following issues: - CVE-2025-13086: Fixed improper validation of source IP addresses in OpenVPN that could lead to DoS bsc1254486...

CVE-2025-13086

A flaw was found in OpenVPN. This vulnerability allows a denial of service DoS for the originating client via improper validation of source Internet Protocol IP addresses, allowing an attacker to open a session from a different IP address which did not initiate the connection. Mitigation Mitigati...

CVE-2025-13086

Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7alpha1 through 2.7rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client...

ALPINE-CVE-2025-13086

Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7alpha1 through 2.7rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client...

Ubuntu: Security Advisory (USN-7898-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

UBUNTU-CVE-2025-13086

Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7alpha1 through 2.7rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client...

OpenVPN -- HMAC verification on source IP address ineffective

Arne Schwabe reports: Fix memcmp check for the hmac verification in the 3way handshake being inverted This is a stupid mistake but causes all hmac cookies to be accepted, thus breaking source IP address validation. As a consequence, TLS sessions can be openend and state can be consumed in the...