Mandriva Linux Security Advisory : openconnect (MDVSA-2013:108)
Medium Nessus Plugin ID 66120
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionUpdated openconnect packages fix security vulnerability :
A stack-based buffer overflow flaw was found in the way OpenConnect, a client for Cisco's AnyConnect VPN, performed processing of certain host names, paths, or cookie lists, received from the VPN gateway. A remote VPN gateway could provide a specially crafted host name, path or cookie list that, when processed by the openconnect client would lead to openconnect executable crash (CVE-2012-6128).
SolutionUpdate the affected lib64openconnect-devel, lib64openconnect1 and / or openconnect packages.