Nom du paquet
openconnect
Date
2013-04-10
Advisory ID
MDVSA-2013:108
Affected versions
MBS1 x86_64

Problem description

Updated openconnect packages fix security vulnerability:

A stack-based buffer overflow flaw was found in the way OpenConnect,
a client for Cisco's AnyConnect VPN, performed processing of certain
host names, paths, or cookie lists, received from the VPN gateway. A
remote VPN gateway could provide a specially-crafted host name, path
or cookie list that, when processed by the openconnect client would
lead to openconnect executable crash (CVE-2012-6128).

Updated packages

MBS1 x86_64

 ff86644272d60d629d1ddce8738bf6ac  mbs1/x86_64/lib64openconnect1-3.15-3.1.mbs1.x86_64.rpm
 f713d0e0f0793fb90c2f1491179b8903  mbs1/x86_64/lib64openconnect-devel-3.15-3.1.mbs1.x86_64.rpm
 dd22e9a5c295d8d07ff99725910a4b12  mbs1/x86_64/openconnect-3.15-3.1.mbs1.x86_64.rpm 
 a03cb1e1e35fa2e73b0f6547dfa935b8  mbs1/SRPMS/openconnect-3.15-3.1.mbs1.src.rpm

References