CVE-2026-13117

Publication date 3 July 2026

Last updated 16 July 2026


Ubuntu priority

Description

tls_wrap_reneg use after free

Read the notes from the security team

Status

Package Ubuntu Release Status
openvpn 26.04 LTS resolute
Fixed 2.7.0-1ubuntu1.2
25.10 questing Ignored end of life, was needs-triage
24.04 LTS noble
Fixed 2.6.19-0ubuntu0.24.04.3
22.04 LTS jammy
Not affected
20.04 LTS focal
Not affected
18.04 LTS bionic
Not affected
16.04 LTS xenial
Not affected
14.04 LTS trusty
Not affected

Notes


mdeslaur

dynamic tls-crypt was introduced in 2.6, so jammy and earlier are not affected

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
openvpn

References

Related Ubuntu Security Notices (USN)

Other references


Access our resources on patching vulnerabilities