SUSE: 2011:0979-1 Important: vpnc Command Injection Risk

suse

August 31, 2011

An update that solves one vulnerability and has one errata An update that solves one vulnerability and has one errata An update that solves one vulnerability and has one errata is ...

Summary

Warning: Undefined array key "advisoryid" in /var/www/www.linuxsecurity.com-443/html/tmp/regularlabs/custom_php/107563_1edcd913e2b52798c5b9126b8927230e on line 19

   SUSE Security Update: Security update for vpnc
______________________________________________________________________________

Announcement ID:    SUSE-SU-2011:0979-1
Rating:             important
References:         #651577 #708656 
Cross-References:   CVE-2011-2660
Affected Products:
                    SUSE Linux Enterprise Desktop 11 SP1
______________________________________________________________________________

   An update that solves one vulnerability and has one errata
   is now available.

Description:


   This update of vpnc fixes a flaw in the
   modify_resolvconf_suse script that  could potentially allow
   remote attackers to inject commands through  specially
   crafted DNS domains (CVE-2011-2660).

   Also a rekeying during reconnect was improved.

   Security Issue reference:

   * CVE-2011-2660
   

Indications:

   Please install this update.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Desktop 11 SP1:

      zypper in -t patch sledsp1-vpnc-5027

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Desktop 11 SP1 (i586 x86_64):

      vpnc-0.5.1-55.10.1


References:

   https://www.suse.com/security/cve/CVE-2011-2660.html

Topics Covered

security advisory security issue update important SUSE Linux command injection vpnc

References

Severity

important

Lowest

Low

Medium

High

Critical

Warning: Undefined array key "block1" in /var/www/www.linuxsecurity.com-443/html/tmp/regularlabs/custom_php/107563_c1d2d4f425d79c8c327f2b8603847ec6 on line 11

Topics Covered

security advisory security issue update important SUSE Linux command injection vpnc

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2011:0979-1 Important: vpnc Command Injection Risk

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2011:0979-1 Important: vpnc Command Injection Risk

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!