Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Ubuntu 18.04 LTS: USN-4565-1 Moderate: OpenConnect Denial of Service

ubuntu
Calendar Grey October 6, 2020
Dist Ubuntu Esm H88
Ubuntu USN-4565-2 resolves an OpenConnect vulnerability that may lead to application termination from malicious payloads. Update strongly advised.
OpenConnect could be made to crash if it received specially crafted input.

Summary

OpenConnect could be made to crash if it received specially crafted

input.

Software Description:

- openconnect: An SSL VPN client

Details:

It was discovered that OpenConnect has a buffer overflow when a malicious

server uses HTTP chunked encoding with crafted chunk sizes. An attacker

could use it to provoke a denial of service (crash).

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  libopenconnect5                 7.08-3ubuntu0.18.04.2
  openconnect                     7.08-3ubuntu0.18.04.2

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4565-1

CVE-2019-16239

October 05, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here