[SECURITY] Fedora EPEL 5 Update: openconnect-4.08-1.el5
updates at fedoraproject.org
updates at fedoraproject.org
Mon Jun 17 19:07:58 UTC 2013
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2013-0366
2013-02-15 18:09:41
--------------------------------------------------------------------------------
Name : openconnect
Product : Fedora EPEL 5
Version : 4.08
Release : 1.el5
URL : http://www.infradead.org/openconnect.html
Summary : Open client for Cisco AnyConnect VPN
Description :
This package provides a client for Cisco's "AnyConnect" VPN, which uses
HTTPS and DTLS protocols.
--------------------------------------------------------------------------------
Update Information:
This update fixes a potential buffer overflow in HTTP request generation, which could be triggered by a malicious server generating a large number of cookies or redirecting to a large path or hostname.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #910330 - CVE-2012-6128 openconnect: Stack-based buffer overflow when processing certain host names, paths, or cookie lists
https://bugzilla.redhat.com/show_bug.cgi?id=910330
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update openconnect' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the epel-package-announce
mailing list