MGASA-2026-0236

Source
https://advisories.mageia.org/MGASA-2026-0236.html
Import Source
https://advisories.mageia.org/MGASA-2026-0236.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2026-0236
Upstream
  • CVE-2026-11771
  • CVE-2026-12932
  • CVE-2026-12996
  • CVE-2026-13117
Published
2026-07-08T16:36:03Z
Modified
2026-07-08T16:45:05.314177777Z
Summary
Updated openvpn packages fix security vulnerabilities
Details

The updated packages fix security vulnerabilities: Possible 1-byte buffer overrun on NTLMv2 proxy responses. (CVE-2026-11771) Memory-leak in tls-crypt-v2 client key handling that could lead to out-of-memory situations and subsequent server crashes. (CVE-2026-12932) Use-after-free bug in ackwritebuf(), triggerable by a well-timed sequence of control channel + authentication packets. (CVE-2026-12996) Use-after-free bug in tlswrapreneg(), triggerable by suitable sequence of dynamic tls-crypt control-channel packets. (CVE-2026-13117) Server crash on reception of suitably malformed auth-token, if --auth-gen-token external-auth is active. (CVE-2026-13122) Another memory leak on reception of suitable tls-crypt-v2 packets that could lead to an out of memory situation and server crash. (CVE-2026-13698)

References
Credits

Affected packages

Mageia:10 / openvpn

Package

Name
openvpn
Purl
pkg:rpm/mageia/openvpn?arch=source&distro=mageia-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.6.21-1.mga10

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2026-0236.json"

Mageia:9 / openvpn

Package

Name
openvpn
Purl
pkg:rpm/mageia/openvpn?arch=source&distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.6.21-1.mga9

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2026-0236.json"