Information on source package openvpn

Available versions

ReleaseVersion
jessie2.3.4-5+deb8u3
stretch2.4.0-6+deb9u4
buster2.4.7-1+deb10u1
bullseye2.5.1-3
bookworm2.6.3-1+deb12u2
trixie2.6.12-1
sid2.6.12-1

Open issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2024-28882fixedfixedfixedfixedvulnerable (no DSA)fixedfixedOpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple ex ...
CVE-2024-5594vulnerable (no DSA, postponed)vulnerable (no DSA, postponed)vulnerable (no DSA, postponed)vulnerable (no DSA)vulnerable (no DSA)fixedfixed
CVE-2022-0547fixedfixedvulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedOpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass ...

Open unimportant issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2018-7544vulnerablevulnerablevulnerablevulnerablevulnerablevulnerablevulnerableA cross-protocol scripting issue was discovered in the management inte ...
CVE-2017-7522fixedvulnerablefixedfixedfixedfixedfixedOpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to deni ...
CVE-2016-6329vulnerablevulnerablevulnerablevulnerablevulnerablevulnerablevulnerableOpenVPN, when using a 64-bit block cipher, makes it easier for remote ...
CVE-2006-2229vulnerablevulnerablevulnerablevulnerablevulnerablevulnerablevulnerableOpenVPN 2.0.7 and earlier, when configured to use the --management opt ...

Resolved issues

BugDescription
CVE-2024-27903OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be lo ...
CVE-2024-27459The interactive service in OpenVPN 2.6.9 and earlier allows an attacke ...
CVE-2024-24974The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVP ...
CVE-2024-4877
CVE-2023-46850Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined ...
CVE-2023-46849Using the --fragment option in certain configuration setups OpenVPN ve ...
CVE-2021-3606OpenVPN before version 2.5.3 on Windows allows local users to load arb ...
CVE-2020-15078OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass ...
CVE-2020-11810An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can ...
CVE-2018-9336openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x ...
CVE-2017-12166OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to ...
CVE-2017-7521OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remo ...
CVE-2017-7520OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to deni ...
CVE-2017-7508OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remo ...
CVE-2017-7479OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reac ...
CVE-2017-7478OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Deni ...
CVE-2014-8104OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before ...
CVE-2013-2061The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, ...
CVE-2008-3459Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when ...
CVE-2006-1629OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute a ...
CVE-2005-3409OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote atta ...
CVE-2005-3393Format string vulnerability in the foreign_option function in options. ...
CVE-2005-2534Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not ena ...
CVE-2005-2533OpenVPN before 2.0.1, when running in "dev tap" Ethernet bridging mode ...
CVE-2005-2532OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue w ...
CVE-2005-2531OpenVPN before 2.0.1, when running with "verb 0" and without TLS authe ...

Security announcements

DSA / DLADescription
DSA-5555-1openvpn - security update
DLA-2992-1openvpn - security update
ELA-601-1openvpn - security update
DSA-3900-1openvpn - security update
DLA-999-1openvpn - security update
DLA-944-1openvpn - security update
DLA-98-1openvpn - security update
DSA-3084-1openvpn - security update
DSA-1045-1openvpn - design error
DSA-885-1openvpn - several
DSA-851-1openvpn - denial of service
Search for package or bug name: Reporting problems