Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 15 articles for you...
100
security advisorynetwork securitysoftware updateSUSE Linux: 2024:0317-1 Moderate OpenConnect Security Update
* bsc#1140772 * bsc#1157446 * bsc#1170452 * bsc#1171862 * bsc#1215669 . # Security update for openconnect Announcement ID: SUSE-SU-2024:0317-1 Rating: moderate References: * bsc#1140772 * bsc#1157446 * bsc#1170452 * bsc#1171862 * bsc#1215669 * jsc#PED-6742 * jsc#PED-7015 Cross-References: * CVE-2018-20319 * CVE-2020-12105 * CVE-2020-12823 CVSS scores: * CVE-2018-20319 ( SUSE ): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N * CVE-2020-12105 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2020-12105 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2020-12823 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L * CVE-2020-12823 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP5 * SUSE Package Hub 15 15-SP5 An update that solves three vulnerabilities, contains two features and has two security fixes can now be installed. ## Description: This update for openconnect fixes the following issues: * Update to release 9.12: * Explicitly reject overly long tun device names. * Increase maximum input size from stdin (#579). * Ignore 0.0.0.0 as NBNS address (!446, vpnc-scripts#58). * Fix stray (null) in URL path after Pulse authentication (4023bd95). * Fix config XML parsing mistake that left GlobalProtect ESP non-working in v9.10 (!475). * Fix case sensitivity in GPST header matching (!474). * Update to release 9.10: * Fix external browser authentication with KDE plasma-nm < 5.26. * Always redirect stdout to stderr when spawning external browser. * Increase default queue length to 32 packets. * Fix receiving multiplepackets in one TLS frame, and single packets split across multiple TLS frames, for Array. * Handle idiosyncratic variation in search domain separators for all protocols * Support region selection field for Pulse authentication * Support modified configuration packet from Pulse 9.1R16 servers * Allow hidden form fields to be populated or converted to text fields on the command line * Support yet another strange way of encoding challenge-based 2FA for GlobalProtect * Add --sni option (and corresponding C and Java API functions) to allow domain-fronting connections in censored/filtered network environments * Parrot a GlobalProtect server's software version, if present, as the client version (!333) * Fix NULL pointer dereference that has left Android builds broken since v8.20 (!389). * Fix Fortinet authentication bug where repeated SVPNCOOKIE causes segfaults (#514,!418). * Support F5 VPNs which encode authentication forms only in JSON, not in HTML. * Support simultaneous IPv6 and Legacy IP ("dual-stack") for Fortinet. * Support "FTM-push" token mode for Fortinet VPNs. * Send IPv6-compatible version string in Pulse IF/T session establishment * Add --no-external-auth option to not advertise external-browser authentication * Many small improvements in server response parsing, and better logging messages and documentation. * Update to release 9.01: * Add support for AnyConnect "Session Token Re-use Anchor Protocol" (STRAP) * Add support for AnyConnect "external browser" SSO mode * Bugfix RSA SecurID token decryption and PIN entry forms, broken in v8.20 * Support Cisco's multiple-certificate authentication * Revert GlobalProtect default route handling change from v8.20 * Suppo split-exclude routes for Fortinet * Add webview callback and SAML/SSO support for AnyConnect, GlobalProtect * Update to release 8.20: * Support non-AEAD ciphersuites in DTLSv1.2 with AnyConnect. * Emulated a newer version of GlobalProtect official clients, 5.1.5-8; was 4.0.2-19 * Support Juniper loginforms containing both password and 2FA token * Explicitly disable 3DES and RC4, unless enabled with \--allow-insecure- crypto * Allow protocols to delay tunnel setup and shutdown (!117) * Support for GlobalProtect IPv6 * SIGUSR1now causes OpenConnect to log detailed connection information and statistics * Allow --servercert to be specified multiple times in order to accept server certificates matching more than one possible fingerprint * Demangle default routes sent as split routes by GlobalProtect * Support more Juniper login forms, including some SSO forms * Restore compatibility with newer Cisco servers, by no longer sending them the X-AnyConnect-Platform header * Add support for PPP-based protocols, currently over TLS only. * Add support for two PPP-based protocols, F5 with \--protocol=f5 and Fortinet with --protocol=fortinet. * Add support for Array Networks SSL VPN. * Support TLSv1.3 with TPMv2 EC and RSA keys, add test cases for swtpm and hardware TPM. * Import the latest version of the vpnc-script (bsc#1140772) * This brings a lot of improvements for non-trivial network setups, IPv6 etc * Build with --without-gnutls-version-check * Update to version 8.10: * Install bash completion script to ${datadir}/bash- completion/completions/openconnect. * Improve compatibility of csd-post.sh trojan. * Fix potential buffer overflow with GnuTLS describing local certs (CVE-2020-12823, bsc#1171862, gl#openconnect/openconnect!108). * Introduce subpackage for bash-completion * Update to 8.09: * Add bash completion support. * Give more helpful error in case of Pulse servers asking for TNCC. * Sanitize non-canonical Legacy IP network addresses. * Fix OpenSSL validation for trusted but invalid certificates (CVE-2020-12105 bsc#1170452). * Convert tncc-wrapper.py to Python 3, and include modernized tncc-emulate.py as well. (!91) * Disable Nagle's algorithm for TLS sockets, to improve interactivity when tunnel runs over TCP rather than UDP. * GlobalProtect: more resilienthandling of periodic HIP check and login arguments, and predictable naming of challenge forms. * Work around PKCS#11 tokens which forget to set CKF_LOGIN_REQUIRED. * Update to 8.0.8: * Fix check of pin-sha256: public key hashes to be case sensitive * Don't give non-functioning stderr to CSD trojan scripts. * Fix crash with uninitialised OIDC token. * Update to 8.0.7: * Don't abort Pulse connection when server-provided certificate MD5 doesn't match. * Fix off-by-one in check for bad GnuTLS versions, and add build and run time checks. * Don't abort connection if CSD wrapper script returns non-zero (for now). * Make --passtos work for protocols that use ESP, in addition to DTLS. * Convert tncc-wrapper.py to Python 3, and include modernized tncc-emulate.py as well. * Remove tncc-wrapper.py script as it is python2 only bsc#1157446 * No need to ship hipreport-android.sh as it is intented for android systems only * Update to 8.0.5: * Minor fixes to build on specific platforms * Includes fix for a buffer overflow with chunked HTTP handling (CVE-2019-16239, bsc#1151178) * Use python3 to generate the web data as now it is supported by upstream * Update to 8.0.3: * Fix Cisco DTLSv1.2 support for AES256-GCM-SHA384. * Fix recognition of OTP password fields. * Update to 8.02: * Fix GNU/Hurd build. * Discover vpnc-script in default packaged location on FreeBSD/OpenBSD. * Support split-exclude routes for GlobalProtect. * Fix GnuTLS builds without libtasn1. * Fix DTLS support with OpenSSL 1.1.1+. * Add Cisco-compatible DTLSv1.2 support. * Invoke script with reason=attempt-reconnect before doing so. * Update to 8.01: * Clear form submissions (which may include passwords) before freeing (CVE-2018-20319, bsc#1215669). * Allow form responses to be provided on command line. * Add support for SSL keys stored in TPM2. * Fix ESP rekey when replay protection is disabled. * Drop support for GnuTLS older than 3.2.10. * Fix --passwd-on-stdin for Windows to not forcibly openconsole. * Fix portability of shell scripts in test suite. * Add Google Authenticator TOTP support for Juniper. * Add RFC7469 key PIN support for cert hashes. * Add protocol method to securely log out the Juniper session. * Relax requirements for Juniper hostname packet response to support old gateways. * Add API functions to query the supported protocols. * Verify ESP sequence numbers and warn even if replay protection is disabled. * Add support for PAN GlobalProtect VPN protocol (--protocol=gp). * Reorganize listing of command-line options, and include information on supported protocols. * SIGTERM cleans up the session similarly to SIGINT. * Fix memset_s() arguments. * Fix OpenBSD build. * Explicitely enable all the features as needed to stop build if something is missing ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2024-317=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-317=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-317=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-317=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2024-317=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * openconnect-debuginfo-9.12-150400.15.3.1 * stoken-debuginfo-0.81-150400.13.2.1 * openconnect-9.12-150400.15.3.1 * stoken-debugsource-0.81-150400.13.2.1 * openconnect-debugsource-9.12-150400.15.3.1 * libstoken1-0.81-150400.13.2.1 * stoken-gui-0.81-150400.13.2.1 * stoken-devel-0.81-150400.13.2.1 * stoken-gui-debuginfo-0.81-150400.13.2.1 * libstoken1-debuginfo-0.81-150400.13.2.1 * stoken-0.81-150400.13.2.1 * libopenconnect5-9.12-150400.15.3.1 * openconnect-devel-9.12-150400.15.3.1 *libopenconnect5-debuginfo-9.12-150400.15.3.1 * openSUSE Leap 15.4 (noarch) * openconnect-bash-completion-9.12-150400.15.3.1 * openconnect-lang-9.12-150400.15.3.1 * openconnect-doc-9.12-150400.15.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * oath-toolkit-debugsource-2.6.2-150000.3.5.1 * openconnect-9.12-150400.15.3.1 * pam_oath-2.6.2-150000.3.5.1 * stoken-debugsource-0.81-150400.13.2.1 * pam_oath-debuginfo-2.6.2-150000.3.5.1 * libopenconnect5-9.12-150400.15.3.1 * oath-toolkit-debuginfo-2.6.2-150000.3.5.1 * liboath0-2.6.2-150000.3.5.1 * openconnect-debuginfo-9.12-150400.15.3.1 * libpskc-devel-2.6.2-150000.3.5.1 * liboath0-debuginfo-2.6.2-150000.3.5.1 * libstoken1-0.81-150400.13.2.1 * libstoken1-debuginfo-0.81-150400.13.2.1 * liboath-devel-2.6.2-150000.3.5.1 * openconnect-devel-9.12-150400.15.3.1 * libpskc0-2.6.2-150000.3.5.1 * openconnect-debugsource-9.12-150400.15.3.1 * stoken-gui-0.81-150400.13.2.1 * stoken-debuginfo-0.81-150400.13.2.1 * stoken-0.81-150400.13.2.1 * stoken-gui-debuginfo-0.81-150400.13.2.1 * stoken-devel-0.81-150400.13.2.1 * oath-toolkit-2.6.2-150000.3.5.1 * libpskc0-debuginfo-2.6.2-150000.3.5.1 * libopenconnect5-debuginfo-9.12-150400.15.3.1 * openSUSE Leap 15.5 (noarch) * openconnect-lang-9.12-150400.15.3.1 * oath-toolkit-xml-2.6.2-150000.3.5.1 * openconnect-doc-9.12-150400.15.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * oath-toolkit-debugsource-2.6.2-150000.3.5.1 * liboath0-debuginfo-2.6.2-150000.3.5.1 * oath-toolkit-debuginfo-2.6.2-150000.3.5.1 * liboath0-2.6.2-150000.3.5.1 * liboath-devel-2.6.2-150000.3.5.1 * Basesystem Module 15-SP5 (noarch) * oath-toolkit-xml-2.6.2-150000.3.5.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * oath-toolkit-debugsource-2.6.2-150000.3.5.1 * openconnect-debuginfo-9.12-150400.15.3.1 * stoken-debuginfo-0.81-150400.13.2.1 * openconnect-9.12-150400.15.3.1 * libpskc-devel-2.6.2-150000.3.5.1 * libpskc0-2.6.2-150000.3.5.1 * libstoken1-0.81-150400.13.2.1 *openconnect-debugsource-9.12-150400.15.3.1 * stoken-debugsource-0.81-150400.13.2.1 * stoken-devel-0.81-150400.13.2.1 * libpskc0-debuginfo-2.6.2-150000.3.5.1 * stoken-gui-0.81-150400.13.2.1 * stoken-gui-debuginfo-0.81-150400.13.2.1 * oath-toolkit-2.6.2-150000.3.5.1 * oath-toolkit-debuginfo-2.6.2-150000.3.5.1 * libstoken1-debuginfo-0.81-150400.13.2.1 * stoken-0.81-150400.13.2.1 * libopenconnect5-9.12-150400.15.3.1 * openconnect-devel-9.12-150400.15.3.1 * libopenconnect5-debuginfo-9.12-150400.15.3.1 * SUSE Package Hub 15 15-SP5 (noarch) * openconnect-lang-9.12-150400.15.3.1 * openconnect-doc-9.12-150400.15.3.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * oath-toolkit-debugsource-2.6.2-150000.3.5.1 * openconnect-debuginfo-9.12-150400.15.3.1 * stoken-debuginfo-0.81-150400.13.2.1 * openconnect-9.12-150400.15.3.1 * libpskc-devel-2.6.2-150000.3.5.1 * libpskc0-2.6.2-150000.3.5.1 * libstoken1-0.81-150400.13.2.1 * openconnect-debugsource-9.12-150400.15.3.1 * stoken-debugsource-0.81-150400.13.2.1 * stoken-devel-0.81-150400.13.2.1 * libpskc0-debuginfo-2.6.2-150000.3.5.1 * oath-toolkit-debuginfo-2.6.2-150000.3.5.1 * libstoken1-debuginfo-0.81-150400.13.2.1 * libopenconnect5-9.12-150400.15.3.1 * openconnect-devel-9.12-150400.15.3.1 * libopenconnect5-debuginfo-9.12-150400.15.3.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (noarch) * openconnect-lang-9.12-150400.15.3.1 ## References: * https://www.suse.com/security/cve/CVE-2018-20319.html * https://www.suse.com/security/cve/CVE-2020-12105.html * https://www.suse.com/security/cve/CVE-2020-12823.html * https://bugzilla.suse.com/show_bug.cgi?id=1140772 * https://bugzilla.suse.com/show_bug.cgi?id=1157446 * https://bugzilla.suse.com/show_bug.cgi?id=1170452 * https://bugzilla.suse.com/show_bug.cgi?id=1171862 * https://bugzilla.suse.com/show_bug.cgi?id=1215669 * * . This enhancement addresses various problems associated with OpenConnect, classified as moderately critical, comprising corrections and upgrades..OpenConnect Security Update, SUSE Security Update, OpenConnect Fixes. . LinuxSecurity.com Team
Feb 02, 2024
SuSE
202
security advisorymoderatedenial of serviceopenSUSE Leap 15.2: openSUSE-SU-2020:1027-1 Moderate Openconnect Issue
An update that fixes one vulnerability is now available.. openSUSE Security Update: Security update for openconnect ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:1027-1 Rating: moderate References: #1171862 Cross-References: CVE-2020-12823 Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openconnect fixes the following issues: - CVE-2020-12823: Fixed a buffer overflow via crafted certificate data which could have led to denial of service (bsc#1171862). This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2020-1027=1 Package List: - openSUSE Leap 15.2 (noarch): openconnect-lang-7.08-lp152.9.4.2 - openSUSE Leap 15.2 (x86_64): openconnect-7.08-lp152.9.4.2 openconnect-debuginfo-7.08-lp152.9.4.2 openconnect-debugsource-7.08-lp152.9.4.2 openconnect-devel-7.08-lp152.9.4.2 openconnect-doc-7.08-lp152.9.4.2 References: https://www.suse.com/security/cve/CVE-2020-12823.html https://bugzilla.suse.com/1171862 -- . A critical patch for openconnect resolves a buffer overflow vulnerability in openSUSE. Apply the update to maintain system integrity.. openSUSE Security Update, openconnect, buffer overflow fix. . LinuxSecurity.com Team
Jul 21, 2020
OpenSUSE
202
security advisorymoderatedenial of serviceopenSUSE Leap 15.1: Security Update - openconnect Denial of Service Risk
An update that fixes one vulnerability is now available.. openSUSE Security Update: Security update for openconnect ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:0997-1 Rating: moderate References: #1171862 Cross-References: CVE-2020-12823 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openconnect fixes the following issues: - CVE-2020-12823: Fixed a buffer overflow via crafted certificate data which could have led to denial of service (bsc#1171862). This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-997=1 Package List: - openSUSE Leap 15.1 (x86_64): openconnect-7.08-lp151.6.9.1 openconnect-debuginfo-7.08-lp151.6.9.1 openconnect-debugsource-7.08-lp151.6.9.1 openconnect-devel-7.08-lp151.6.9.1 openconnect-doc-7.08-lp151.6.9.1 - openSUSE Leap 15.1 (noarch): openconnect-lang-7.08-lp151.6.9.1 References: https://www.suse.com/security/cve/CVE-2020-12823.html https://bugzilla.suse.com/1171862 -- . Resolutions for OpenConnect mitigating a service interruption vulnerability in the openSUSE cybersecurity patch. Urgent measures advised.. openconnect update, openSUSE patch, software security fix, denial of service. . LinuxSecurity.com Team
Jul 18, 2020
OpenSUSE
100
security advisorymoderatedenial of serviceSUSE: 2020:1807-1 Moderate: OpenConnect Buffer Overflow Fix
An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for openconnect ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:1807-1 Rating: moderate References: #1171862 Cross-References: CVE-2020-12823 Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openconnect fixes the following issues: - CVE-2020-12823: Fixed a buffer overflow via crafted certificate data which could have led to denial of service (bsc#1171862). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2020-1807=1 - SUSE Linux Enterprise Workstation Extension 12-SP4: zypper in -t patch SUSE-SLE-WE-12-SP4-2020-1807=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (noarch): openconnect-lang-7.08-3.12.1 - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): openconnect-7.08-3.12.1 openconnect-debuginfo-7.08-3.12.1 openconnect-debugsource-7.08-3.12.1 - SUSE Linux Enterprise Workstation Extension 12-SP4 (x86_64): openconnect-7.08-3.12.1 openconnect-debuginfo-7.08-3.12.1 openconnect-debugsource-7.08-3.12.1 - SUSE Linux Enterprise Workstation Extension 12-SP4 (noarch): openconnect-lang-7.08-3.12.1 References: https://www.suse.com/security/cve/CVE-2020-12823.html https://bugzilla.suse.com/1171862 _______________________________________________ sle-security-updates mailing list
Jun 30, 2020
SuSE
203
security advisorybuffer overflowman-in-the-middleMageia: 2020-0251 Moderate: OpenConnect Man-In-The-Middle & Buffer Overflow
Updated openconnect packages fix security vulnerabilities: OpenConnect through 8.08 mishandles negative return values from X509_check_ function calls, which might assist attackers in performing man-in-the-middle attacks (CVE-2020-12105). . MGASA-2020-0251 - Updated openconnect packages fix security vulnerability Publication date: 10 Jun 2020 URL: https://advisories.mageia.org/MGASA-2020-0251.html Type: security Affected Mageia releases: 7 CVE: CVE-2020-12105, CVE-2020-12823 Updated openconnect packages fix security vulnerabilities: OpenConnect through 8.08 mishandles negative return values from X509_check_ function calls, which might assist attackers in performing man-in-the-middle attacks (CVE-2020-12105). OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c (CVE-2020-12823). The openconnect package has been updated to version 8.10, fixing these issues and other bugs. See the upstream changelog for details. References: - https://bugs.mageia.org/show_bug.cgi?id=26624 - http://www.infradead.org/openconnect/changelog.html - https://www.cve.org/CVERecord?id=CVE-2020-12105 - https://www.cve.org/CVERecord?id=CVE-2020-12823 SRPMS: - 7/core/openconnect-8.10-1.mga7 . The recent security patch MGASA-2020-0251 for OpenConnect mitigates threats stemming from potential man-in-the-middle attacks and buffer overflow issues.. OpenConnect, Mageia Security Advisory, Security Update, Man-In-The-Middle, Buffer Overflow. . Severity: Important. LinuxSecurity.com Team
Jun 10, 2020
•Important
Mageia
89
security advisoryupdateFedoraFedora 30: FEDORA-2020-bc22f06aa3 Critical: openconnect Update
Update to 8.10 release (CVE-2020-12823). --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-bc22f06aa3 2020-05-24 04:02:43.703470 --------------------------------------------------------------------------------Name : openconnect Product : Fedora 30 Version : 8.10 Release : 1.fc30 URL : http://www.infradead.org/openconnect/ Summary : Open client for Cisco AnyConnect VPN, Juniper Network Connect/Pulse, PAN GlobalProtect Description : This package provides a multiprotocol VPN client for Cisco AnyConnect, Juniper SSL VPN / Pulse Connect Secure, and Palo Alto Networks GlobalProtect SSL VPN. --------------------------------------------------------------------------------Update Information: Update to 8.10 release (CVE-2020-12823) --------------------------------------------------------------------------------ChangeLog: * Thu May 14 2020 David Woodhouse - 8.10-1 - Update to 8.10 release (CVE-2020-12823) * Sat May 2 2020 David Woodhouse - 8.09-2 - Fix path to openconnect in bash completion script * Wed Apr 29 2020 David Woodhouse - 8.09-1 - Update to 8.09 release * Mon Apr 6 2020 David Woodhouse - 8.08-1 - Update to 8.08 release (CSD stderr handling, cert checking) * Sat Apr 4 2020 David Woodhouse - 8.07-1 - Update to 8.07 release (runtime check for GnuTLS) * Tue Mar 31 2020 David Woodhouse - 8.06-1 - Update to 8.06 release (Blacklist bad GnuTLS versions for insecure DTLS) * Wed Jan 29 2020 Fedora Release Engineering - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-bc22f06aa3' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora ProjectGPG key. More details on the GPG keys used by the Fedora Project can be found at --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
May 24, 2020
•Critical
Fedora
198
security advisorysoftware updatearbitrary code executionArch Linux: ASA-202005-11 Low: OpenConnect Arbitrary Code Execution
The package openconnect before version 1:8.10-1 is vulnerable to arbitrary code execution. . Arch Linux Security Advisory ASA-202005-11 ========================================= Severity: Low Date : 2020-05-19 CVE-ID : CVE-2020-12823 Package : openconnect Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-1157 Summary ====== The package openconnect before version 1:8.10-1 is vulnerable to arbitrary code execution. Resolution ========= Upgrade to 1:8.10-1. # pacman -Syu "openconnect> =1:8.10-1" The problem has been fixed upstream in version 8.10. Workaround ========= None. Description ========== OpenConnect 8.09 has a buffer overflow in get_cert_name in gnutls.c, causing a denial of service (application crash) or possibly unspecified other impact, via crafted data in a local certificate. Impact ===== An attacker can cause the application to crash, or possibly execute arbitrary code, by tricking a user into using a specially crafted certificate. References ========= https://gitlab.com/openconnect/openconnect/-/merge_requests/108 https://security.archlinux.org/CVE-2020-12823 . Arch Linux Security Announcement ASA-202104-22 outlines a minor vulnerability identified in openconnect, which could potentially permit unauthorized code execution.. OpenConnect Security, Arch Linux Advisory, Package Update, Arbitrary Code Execution. . Severity: Low. LinuxSecurity.com Team
May 23, 2020
•Low
ArchLinux
202
security advisorymoderateMITM attackopenSUSE: 2020:0694-1 Moderate: openconnect MITM Attack Fix
An update that fixes one vulnerability is now available.. openSUSE Security Update: Security update for openconnect ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:0694-1 Rating: moderate References: #1170452 Cross-References: CVE-2020-12105 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openconnect fixes the following issues: Security issue fixed: - CVE-2020-12105: Fixed the improper handling of negative return values from X509_check_ function calls that might have allowed MITM attacks (bsc#1170452). This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-694=1 Package List: - openSUSE Leap 15.1 (noarch): openconnect-lang-7.08-lp151.6.6.1 - openSUSE Leap 15.1 (x86_64): openconnect-7.08-lp151.6.6.1 openconnect-debuginfo-7.08-lp151.6.6.1 openconnect-debugsource-7.08-lp151.6.6.1 openconnect-devel-7.08-lp151.6.6.1 openconnect-doc-7.08-lp151.6.6.1 References: https://www.suse.com/security/cve/CVE-2020-12105.html https://bugzilla.suse.com/1170452 -- . A security patch has been released for openconnect in openSUSE, addressing a vulnerability caused by insufficient validation in function invocations.. openconnect Update, openSUSE Patch, security update. . LinuxSecurity.com Team
May 22, 2020
OpenSUSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!