Mageia: 2020-0251 Moderate: OpenConnect Man-In-The-Middle & Buffer Overflow
mageia
June 10, 2020
Updated openconnect packages fix security vulnerabilities: OpenConnect through 8.08 mishandles negative return values from X509_check_ function calls, which might assist attackers...
Summary
Updated openconnect packages fix security vulnerabilities:
OpenConnect through 8.08 mishandles negative return values from
X509_check_ function calls, which might assist attackers in performing
man-in-the-middle attacks (CVE-2020-12105).
OpenConnect 8.09 has a buffer overflow, causing a denial of service
(application crash) or possibly unspecified other impact, via crafted
certificate data to get_cert_name in gnutls.c (CVE-2020-12823).
The openconnect package has been updated to version 8.10, fixing these
issues and other bugs. See the upstream changelog for details.
References
- https://bugs.mageia.org/show_bug.cgi?id=26624
- http://www.infradead.org/openconnect/changelog.html
- https://www.cve.org/CVERecord?id=CVE-2020-12105
- https://www.cve.org/CVERecord?id=CVE-2020-12823
Topics Covered
Resolution
SRPMS
- 7/core/openconnect-8.10-1.mga7
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Publication date: 10 Jun 2020
URL: https://advisories.mageia.org/MGASA-2020-0251.html
Type: security
CVE: CVE-2020-12105,
CVE-2020-12823
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!