Updated openconnect packages fix security vulnerability
Publication date: 10 Jun 2020Modification date: 10 Jun 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-12105 , CVE-2020-12823
Description
Updated openconnect packages fix security vulnerabilities: OpenConnect through 8.08 mishandles negative return values from X509_check_ function calls, which might assist attackers in performing man-in-the-middle attacks (CVE-2020-12105). OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c (CVE-2020-12823). The openconnect package has been updated to version 8.10, fixing these issues and other bugs. See the upstream changelog for details.
References
SRPMS
7/core
- openconnect-8.10-1.mga7