Diffusion FreeBSD ports repository 70a3176764f0

security/openvpn: security update to 2.6.14
70a3176764f0
Actions

Description

security/openvpn: security update to 2.6.14

"Fix possible ASSERT() on OpenVPN servers using --tls-crypt-v2

Security scope: OpenVPN servers between 2.6.1 and 2.6.13 using
--tls-crypt-v2 can be made to abort with an ASSERT() message by sending
a particular combination of authenticated and malformed packets.

To trigger the bug, a valid tls-crypt-v2 client key is needed, or
network observation of a handshake with a valid tls-crypt-v2 client key

No crypto integrity is violated, no data is leaked, and no remote code
execution is possible.

This bug does not affect OpenVPN clients."

ChangeLog: https://github.com/OpenVPN/openvpn/blob/v2.6.14/Changes.rst#overview-of-changes-in-2614
Security: 2cad4541-0f5b-11f0-89f8-411aefea0df9
Security: CVE-2025-2704
MFH: 2025Q2

Details

Provenance

mandree

Authored on Apr 2 2025, 7:26 PM

Parents

R11:a73af948cdbf: security/openvpn-devel: upgrade port to git commit b75849ba36 (2025-04-02)

Branches

Unknown

Tags

Unknown

Event Timeline

mandree committed R11:70a3176764f0: security/openvpn: security update to 2.6.14 (authored by mandree).Apr 2 2025, 7:31 PM

mandree mentioned this in R11:4c75982ca9f2: security/openvpn: security update to 2.6.14.Apr 2 2025, 7:35 PM

Changes (2)

Path

Size

security/

openvpn/

Makefile

distinfo

R11:70a3176764f0

View Options

security/openvpn/Makefile