ALT-PU-2020-1970-1
Package openconnect updated to version 8.10-alt1 for branch sisyphus in task 251779.
Closed vulnerabilities
Published: 2020-05-12
BDU:2020-04472
Уязвимость функции get_cert_name (gnutls.c) приложения для подключения к виртуальным частным сетям OpenConnect, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
Severity: CRITICAL (9.8)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2020-05-12
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-12823
OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c.
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- openSUSE-SU-2020:0997
- openSUSE-SU-2020:1027
- https://bugs.gentoo.org/721570
- https://gitlab.com/openconnect/openconnect/-/merge_requests/108
- [debian-lts-announce] 20200516 [SECURITY] [DLA 2212-1] openconnect security update
- FEDORA-2020-bc22f06aa3
- FEDORA-2020-143735a624
- FEDORA-2020-2af15c566e
- GLSA-202006-15
- openSUSE-SU-2020:0997
- GLSA-202006-15
- FEDORA-2020-2af15c566e
- FEDORA-2020-143735a624
- FEDORA-2020-bc22f06aa3
- [debian-lts-announce] 20200516 [SECURITY] [DLA 2212-1] openconnect security update
- https://gitlab.com/openconnect/openconnect/-/merge_requests/108
- https://bugs.gentoo.org/721570
- openSUSE-SU-2020:1027