From Mageia wiki
Jump to: navigation, search

MGASA-2013-0060

Date: February 21st, 2013
Affected releases: 2
Media: Core


Description:
Updated openconnect packages fix security vulnerability:

A stack-based buffer overflow flaw was found in the way OpenConnect, a
client for Cisco's "AnyConnect" VPN, performed processing of certain
host names, paths, or cookie lists, received from the VPN gateway.
A remote VPN gateway could provide a specially-crafted host name, path
or cookie list that, when processed by the openconnect client would lead
to openconnect executable crash (CVE-2012-6128).


Updated Packages:
i586:
libopenconnect1-3.15-2.2.mga2.i586.rpm
libopenconnect-devel-3.15-2.2.mga2.i586.rpm
openconnect-3.15-2.2.mga2.i586.rpm
openconnect-debug-3.15-2.2.mga2.i586.rpm

x86_64:
lib64openconnect1-3.15-2.2.mga2.x86_64.rpm
lib64openconnect-devel-3.15-2.2.mga2.x86_64.rpm
openconnect-3.15-2.2.mga2.x86_64.rpm
openconnect-debug-3.15-2.2.mga2.x86_64.rpm

SRPMS:
openconnect-3.15-2.2.mga2.src.rpm


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6128
https://bugzilla.redhat.com/show_bug.cgi?id=910330
http://www.debian.org/security/2013/dsa-2623
https://bugs.mageia.org/show_bug.cgi?id=9083

Retrieved from "https://wiki.mageia.org/mw-en/index.php?title=Support/Advisories/MGASA-2013-0060&oldid=14602"