[SECURITY] Fedora 17 Update: openconnect-4.08-1.fc17

updates at fedoraproject.org updates at fedoraproject.org
Sun Feb 24 08:46:36 UTC 2013 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-2472
2013-02-15 04:30:41
--------------------------------------------------------------------------------

Name        : openconnect
Product     : Fedora 17
Version     : 4.08
Release     : 1.fc17
URL         : http://www.infradead.org/openconnect.html
Summary     : Open client for Cisco AnyConnect VPN
Description :
This package provides a client for Cisco's "AnyConnect" VPN, which uses
HTTPS and DTLS protocols.

--------------------------------------------------------------------------------
Update Information:

This update fixes a potential buffer overflow in HTTP request generation, which could be triggered by a malicious server generating a large number of cookies or redirecting to a large path or hostname.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 13 2013 David Woodhouse <David.Woodhouse at intel.com> - 4.08-1
- Update to 4.08 release (#910331 CVE-2012-6128)
* Fri Aug 31 2012 David Woodhouse <David.Woodhouse at intel.com> - 4.07-2
- Obsolete openconnect-lib-compat (#842840)
* Fri Aug 31 2012 David Woodhouse <David.Woodhouse at intel.com> - 4.07-1
- Update to 4.07 release (Fix #845636 CSTP write stall handling)
* Mon Jul 23 2012 David Woodhouse <David.Woodhouse at intel.com> - 4.06-1
- Update to 4.06 release
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 4.05-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Thu Jul 12 2012 David Woodhouse <David.Woodhouse at intel.com> - 4.05-1
- Update to 4.05 release (PKCS#11 fixes)
* Thu Jul  5 2012 David Woodhouse <David.Woodhouse at intel.com> - 4.04-1
- Update to 4.04 release (Fix PKCS#8 password handling)
* Mon Jul  2 2012 David Woodhouse <David.Woodhouse at intel.com> - 4.03-1
- Update to 4.03 release (#836558)
* Wed Jun 27 2012 David Woodhouse <David.Woodhouse at intel.com> - 4.02-1
- Update to 4.02 release
* Wed Jun 27 2012 David Woodhouse <David.Woodhouse at intel.com> - 4.01-1
- Update to 4.01 release
* Thu Jun 21 2012 David Woodhouse <David.Woodhouse at intel.com> - 4.00-3
- Remove zlib from openconnect.pc dependencies
* Thu Jun 21 2012 David Woodhouse <David.Woodhouse at intel.com> - 4.00-2
- Fix dependencies for RHEL[56]
* Wed Jun 20 2012 David Woodhouse <David.Woodhouse at intel.com> - 4.00-1
- Update to 4.00 release
* Wed Jun 20 2012 David Woodhouse <David.Woodhouse at intel.com> - 3.99-8
- Add support for building on RHEL[56]
* Wed Jun 20 2012 David Woodhouse <David.Woodhouse at intel.com> - 3.99-7
- Add OpenSSL encrypted PEM file support for GnuTLS
* Mon Jun 18 2012 David Woodhouse <David.Woodhouse at intel.com> - 3.99-6
- Fix crash on cleanup when no client certificate is set (#833141)
* Sat Jun 16 2012 David Woodhouse <David.Woodhouse at intel.com> - 3.99-5
- Enable building compatibility libopenconnect.so.1
* Thu Jun 14 2012 David Woodhouse <David.Woodhouse at intel.com> - 3.99-4
- Last patch needs autoreconf
* Thu Jun 14 2012 David Woodhouse <David.Woodhouse at intel.com> - 3.99-3
- Fix library not to reference OpenSSL symbols when linked against GnuTLS 2
* Thu Jun 14 2012 David Woodhouse <David.Woodhouse at intel.com> - 3.99-2
- Fix GnuTLS BuildRequires
* Thu Jun 14 2012 David Woodhouse <David.Woodhouse at intel.com> - 3.99-1
- Update to OpenConnect v3.99, use GnuTLS (enables PKCS#11 support)
* Sat May 19 2012 David Woodhouse <David.Woodhouse at intel.com> - 3.20-2
- openconnect-devel package should require precisely matching openconnect
* Fri May 18 2012 David Woodhouse <David.Woodhouse at intel.com> - 3.20-1
- Update to 3.20.
* Thu May 17 2012 David Woodhouse <David.Woodhouse at intel.com> - 3.19-1
- Update to 3.19.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #910330 - CVE-2012-6128 openconnect: Stack-based buffer overflow when processing certain host names, paths, or cookie lists
        https://bugzilla.redhat.com/show_bug.cgi?id=910330
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update openconnect' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list