[Openvpn-announce] OpenVPN 2.6.17 released

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

The OpenVPN community project team is proud to release OpenVPN 2.6.17.

This is a bugfix release containing one security fix.

Security fixes:

* CVE-2025-13751: Windows/interactive service: fix erroneous exit on error that could be
  used by a local Windows users to achieve a local denial-of-service

Bug fixes:

* Windows/interactive service: improve service pipe robustness against
  file access races (uuid) and access by unauthorized processes (ACL).
* upgrade bundled build instruction (vcpkg and patch) for pkcs11-helper
  to 1.31, fixing a parser bug

Windows MSI changes since 2.6.16-I001:

* Built against OpenSSL 3.6.0
* Included openvpn-gui updated to 11.59.0.0
	* Authorize config before opening the service pipe
	* Remove dependence on pathcch.dll not in Windows 7
* Included win-dco driver updated to 2.8.0

More details can be found in the Changes document:

<https://github.com/OpenVPN/openvpn/blob/release/2.6/Changes.rst>

(The Changes document also contains a section with work-arounds for
common problems encountered when using OpenVPN with OpenSSL 3)

Source code and Windows installers can be downloaded from our download page:

<https://openvpn.net/community/>

Debian and Ubuntu packages are available in the official apt repositories:

<https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos#DebianUbuntu:UsingOpenVPNaptrepositories>

On Red Hat derivatives we recommend using the Fedora Copr repository.

<https://copr.fedorainfracloud.org/coprs/g/OpenVPN/openvpn-release-2.6/>

Kind regards,
Yuriy Darnobyt

[Openvpn-announce] OpenVPN 2.6.17 released

Robust and flexible VPN network tunnelling

[Openvpn-announce] OpenVPN 2.6.17 released