OpenConnect could be made to crash if it received specially crafted
input.
Software Description:
- openconnect: An SSL VPN client
Details:
It was discovered that OpenConnect has a buffer overflow when a malicious
server uses HTTP chunked encoding with crafted chunk sizes. An attacker
could use it to provoke a denial of service (crash).
The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: libopenconnect5 7.08-3ubuntu0.18.04.2 openconnect 7.08-3ubuntu0.18.04.2 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-4565-1
CVE-2019-16239
Get the latest Linux and open source security news straight to your inbox.