Advisories ยป MGASA-2026-0236

Updated openvpn packages fix security vulnerabilities

Publication date: 08 Jul 2026
Modification date: 08 Jul 2026
Type: security
Affected Mageia releases : 10 , 9
CVE: CVE-2026-11771 , CVE-2026-12932 , CVE-2026-12996 , CVE-2026-13117 , CVE-2026-13122 , CVE-2026-13698

Description

The updated packages fix security vulnerabilities:
Possible 1-byte buffer overrun on NTLMv2 proxy responses.
(CVE-2026-11771)
Memory-leak in tls-crypt-v2 client key handling that could lead to
out-of-memory situations and subsequent server crashes. (CVE-2026-12932)
Use-after-free bug in ack_write_buf(), triggerable by a well-timed
sequence of control channel + authentication packets. (CVE-2026-12996)
Use-after-free bug in tls_wrap_reneg(), triggerable by suitable sequence
of dynamic tls-crypt control-channel packets. (CVE-2026-13117)
Server crash on reception of suitably malformed auth-token, if
--auth-gen-token external-auth is active. (CVE-2026-13122)
Another memory leak on reception of suitable tls-crypt-v2 packets that
could lead to an out of memory situation and server crash.
(CVE-2026-13698)
                

References

SRPMS

10/core

9/core