Описание
Security update for openconnect
This update for openconnect fixes the following issue:
Security issue fixed:
- CVE-2020-12105: Fixed the improper handling of negative return values from X509_check_ function calls that might have allowed MITM attacks (bsc#1170452).
Non-security issue fixed:
- This is a rebuild to have a higher version than openconnect on Packagehub, to avoid having a vpnc dependency. (bsc#1142093)
- A vpnc-script is included in this openconnect package.
Список пакетов
SUSE Linux Enterprise Workstation Extension 12 SP4
openconnect-7.08-3.9.1
openconnect-lang-7.08-3.9.1
SUSE Linux Enterprise Workstation Extension 12 SP5
openconnect-7.08-3.9.1
openconnect-lang-7.08-3.9.1
Ссылки
- Link for SUSE-SU-2020:1264-1
- E-Mail link for SUSE-SU-2020:1264-1
- SUSE Security Ratings
- SUSE Bug 1142093
- SUSE Bug 1170452
- SUSE CVE CVE-2020-12105 page
Описание
OpenConnect through 8.08 mishandles negative return values from X509_check_ function calls, which might assist attackers in performing man-in-the-middle attacks.
Затронутые продукты
SUSE Linux Enterprise Workstation Extension 12 SP4:openconnect-7.08-3.9.1
SUSE Linux Enterprise Workstation Extension 12 SP4:openconnect-lang-7.08-3.9.1
SUSE Linux Enterprise Workstation Extension 12 SP5:openconnect-7.08-3.9.1
SUSE Linux Enterprise Workstation Extension 12 SP5:openconnect-lang-7.08-3.9.1
Ссылки
- CVE-2020-12105
- SUSE Bug 1170452