Описание
Security update for openconnect
This update for openconnect fixes the following issues:
- CVE-2019-16239: Fixed a buffer overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes. (bsc#1151178)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP4
openconnect-7.08-3.4.1
openconnect-lang-7.08-3.4.1
SUSE Linux Enterprise Workstation Extension 12 SP4
openconnect-7.08-3.4.1
openconnect-lang-7.08-3.4.1
Ссылки
- Link for SUSE-SU-2019:2744-1
- E-Mail link for SUSE-SU-2019:2744-1
- SUSE Security Ratings
- SUSE Bug 1151178
- SUSE CVE CVE-2019-16239 page
Описание
process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP4:openconnect-7.08-3.4.1
SUSE Linux Enterprise Desktop 12 SP4:openconnect-lang-7.08-3.4.1
SUSE Linux Enterprise Workstation Extension 12 SP4:openconnect-7.08-3.4.1
SUSE Linux Enterprise Workstation Extension 12 SP4:openconnect-lang-7.08-3.4.1
Ссылки
- CVE-2019-16239
- SUSE Bug 1151178