Skip to content

v2.6.14

Latest
Latest
Compare
Choose a tag to compare
@uddr uddr released this 02 Apr 17:55
· 716 commits to master since this release
v2.6.14
f588592

Security fixes:

  • CVE-2025-2704: fix possible ASSERT() on OpenVPN servers using --tls-crypt-v2
    Security scope: OpenVPN servers between 2.6.1 and 2.6.13 using
    --tls-crypt-v2 can be made to abort with an ASSERT() message by
    sending a particular combination of authenticated and malformed packets.
    To trigger the bug, a valid tls-crypt-v2 client key is needed, or
    network observation of a handshake with a valid tls-crypt-v2 client key.
    No crypto integrity is violated, no data is leaked, and no remote
    code execution is possible.
    This bug does not affect OpenVPN clients.
    (Bug found by internal QA at OpenVPN Inc)

Bug fixes:

  • Linux DCO: repair source IP selection for --multihome (Qingfang Deng)

Windows Client: Community MSI installer for Windows client can be found at Community Downloads.

Linux Packages: Instructions for installing community-maintained Linux packages can be found in the Community Wiki.

Full Changelog: v2.6.13...v2.6.14

Assets 4
Loading