HCE3-SA-2025-0122 Important HCE 3.0 Security Fix(es): OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase (CVE-2025-2704) OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for compression.</p> <p> (CVE-2024-5594) OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session (CVE-2024-28882) HCE 3.0 openvpn-2.6.9-4.hce3.x86_64.rpm openvpn-devel-2.6.9-4.hce3.x86_64.rpm openvpn-help-2.6.9-4.hce3.noarch.rpm openvpn-2.6.9-4.hce3.aarch64.rpm openvpn-devel-2.6.9-4.hce3.aarch64.rpm