------------------------------------------------------------------------- Debian LTS Advisory DLA-4079-2 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Carlos Henrique Lima Melara August 31, 2025 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : openvpn Version : 2.5.1-3+deb11u2 CVE ID : Debian Bug : 1112516 The upstream fix for CVE-2024-5594 released in DLA-4079-1 restricted characters in control channel messages including \n and \r, but many scripts add them. This regression fix basically allows \n and \r in the control channel messages. For Debian 11 bullseye, this problem has been fixed in version 2.5.1-3+deb11u2. We recommend that you upgrade your openvpn packages. For the detailed security status of openvpn please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openvpn Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature