openSUSE Security Update : openconnect (openSUSE-SU-2013:0979-1)

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This version update fixes several bugs :

- Frequent connection drops fixed (bnc#817152).

- Update to version 4.09

- Fix overflow on HTTP request buffers
(CVE-2012-6128) (bnc#803347)

- Fix connection to servers with round-robin DNS with
two-stage auth/connect.

- Impose minimum MTU of 1280 bytes.

- Fix some harmless issues reported by Coverity.

- Improve 'Attempting to connect...' message to be
explicit when it's connecting to a proxy.

- Update to version 4.07

- Fix segmentation fault when invoked with -p argument.

- Fix handling of write stalls on CSTP (TCP) socket.

- Update to version 4.06

- Fix default CA location for non-Fedora systems with old
GnuTLS.

- Improve error handling when vpnc-script exits with error.

- Handle PKCS#11 tokens which won't list keys without
login.

- Update to version 4.05

- Use correct CSD script for Mac OS X.

- Fix endless loop in PIN cache handling with multiple
PKCS#11 tokens.

- Fix PKCS#11 URI handling to preserve all attributes.

- Don't forget key password on GUI reconnect.

- Fix GnuTLS v3 build on OpenBSD.

- Update to version 4.04

- Fix GnuTLS password handling for PKCS#8 files.

- Update to version 4.03

- Fix --no-proxy option.

- Fix handling of requested vs. received MTU settings.

- Fix DTLS MTU for GnuTLS 3.0.21 and newer.

- Support more ciphers for OpenSSL encrypted PEM keys,
with GnuTLS.

- Fix GnuTLS compatibility issue with servers that insist
on TLSv1.0 or non-AES ciphers (RH#836558).

- Update to version 4.02

- Fix build failure due to unconditional inclusion of
<gnutls/dtls.h>.

- Update to version 4.01

- Add support for OpenSSL's odd encrypted PKCS#1 files,
for GnuTLS.

- Fix repeated passphrase retry for OpenSSL.

- Add keystore support for Android.

- Support TPM, and also additional checks on PKCS#11
certs, even with GnuTLS 2.12.

- Fix library references to OpenSSL's
ERR_print_errors_cb() when built against GnuTLS v2.12.

- Update to version 4.00

- Add support for OpenSSL's odd encrypted PKCS#1 files,
for GnuTLS.

- Fix repeated passphrase retry for OpenSSL.

- Add keystore support for Android.

- Support TPM, and also additional checks on PKCS#11
certs, even with GnuTLS 2.12.

- Fix library references to OpenSSL's
ERR_print_errors_cb() when built against GnuTLS v2.12.

See also :

http://lists.opensuse.org/opensuse-updates/2013-06/msg00115.html
https://bugzilla.novell.com/show_bug.cgi?id=817152

Solution :

Update the affected openconnect packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 75002

Bugtraq ID:

CVE ID: CVE-2012-6128
