openSUSE Security Update: update for openconnect
______________________________________________________________________________
Announcement ID: openSUSE-SU-2013:0979-1
Rating: moderate
References: #817152
Cross-References: CVE-2012-6128
Affected Products:
openSUSE 12.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This version update fixes several bugs:
- Frequent connection drops fixed (bnc#817152).
- Update to version 4.09
* Fix overflow on HTTP request buffers
(CVE-2012-6128)(bnc#803347)
* Fix connection to servers with round-robin DNS with
two-stage auth/connect.
* Impose minimum MTU of 1280 bytes.
* Fix some harmless issues reported by Coverity.
* Improve "Attempting to connect..." message to be
explicit when it's connecting to a proxy.
- Update to version 4.07
* Fix segmentation fault when invoked with -p argument.
* Fix handling of write stalls on CSTP (TCP) socket.
- Update to version 4.06
* Fix default CA location for non-Fedora systems with
old GnuTLS.
* Improve error handing when vpnc-script exits with
error.
* Handle PKCS#11 tokens which won't list keys without
login.
- Update to version 4.05
* Use correct CSD script for Mac OS X.
* Fix endless loop in PIN cache handling with multiple
PKCS#11 tokens.
* Fix PKCS#11 URI handling to preserve all attributes.
* Don't forget key password on GUI reconnect.
* Fix GnuTLS v3 build on OpenBSD.
- Update to version 4.04
* Fix GnuTLS password handling for PKCS#8 files.
- Update to version 4.03
* Fix --no-proxy option.
* Fix handling of requested vs. received MTU settings.
* Fix DTLS MTU for GnuTLS 3.0.21 and newer.
* Support more ciphers for OpenSSL encrypted PEM keys,
with GnuTLS.
* Fix GnuTLS compatibilty issue with servers that insist
on TLSv1.0 or non-AES ciphers (RH#836558).
- Update to version 4.02
* Fix build failure due to unconditional inclusion of