Mailinglist Archive: opensuse-updates (200 mails)

< Previous Next >
openSUSE-SU-2013:0979-1: moderate: update for openconnect
openSUSE Security Update: update for openconnect
______________________________________________________________________________

Announcement ID: openSUSE-SU-2013:0979-1
Rating: moderate
References: #817152
Cross-References: CVE-2012-6128
Affected Products:
openSUSE 12.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This version update fixes several bugs:
- Frequent connection drops fixed (bnc#817152).
- Update to version 4.09
* Fix overflow on HTTP request buffers
(CVE-2012-6128)(bnc#803347)
* Fix connection to servers with round-robin DNS with
two-stage auth/connect.
* Impose minimum MTU of 1280 bytes.
* Fix some harmless issues reported by Coverity.
* Improve "Attempting to connect..." message to be
explicit when it's connecting to a proxy.
- Update to version 4.07
* Fix segmentation fault when invoked with -p argument.
* Fix handling of write stalls on CSTP (TCP) socket.
- Update to version 4.06
* Fix default CA location for non-Fedora systems with
old GnuTLS.
* Improve error handing when vpnc-script exits with
error.
* Handle PKCS#11 tokens which won't list keys without
login.
- Update to version 4.05
* Use correct CSD script for Mac OS X.
* Fix endless loop in PIN cache handling with multiple
PKCS#11 tokens.
* Fix PKCS#11 URI handling to preserve all attributes.
* Don't forget key password on GUI reconnect.
* Fix GnuTLS v3 build on OpenBSD.
- Update to version 4.04
* Fix GnuTLS password handling for PKCS#8 files.
- Update to version 4.03
* Fix --no-proxy option.
* Fix handling of requested vs. received MTU settings.
* Fix DTLS MTU for GnuTLS 3.0.21 and newer.
* Support more ciphers for OpenSSL encrypted PEM keys,
with GnuTLS.
* Fix GnuTLS compatibilty issue with servers that insist
on TLSv1.0 or non-AES ciphers (RH#836558).
- Update to version 4.02
* Fix build failure due to unconditional inclusion of
<gnutls/dtls.h>.
- Update to version 4.01
* Add support for OpenSSL's odd encrypted PKCS#1 files,
for GnuTLS.
* Fix repeated passphrase retry for OpenSSL.
* Add keystore support for Android.
* Support TPM, and also additional checks on PKCS#11
certs, even with GnuTLS 2.12.
* Fix library references to OpenSSL's
ERR_print_errors_cb() when built against GnuTLS v2.12.
- Update to version 4.00
* Add support for OpenSSL's odd encrypted PKCS#1 files,
for GnuTLS.
* Fix repeated passphrase retry for OpenSSL.
* Add keystore support for Android.
* Support TPM, and also additional checks on PKCS#11
certs, even with GnuTLS 2.12.
* Fix library references to OpenSSL's
ERR_print_errors_cb() when built against GnuTLS v2.12.


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.3:

zypper in -t patch openSUSE-2013-429

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 12.3 (i586 x86_64):

openconnect-4.08-3.4.1
openconnect-debuginfo-4.08-3.4.1
openconnect-debugsource-4.08-3.4.1
openconnect-devel-4.08-3.4.1
openconnect-doc-4.08-3.4.1

- openSUSE 12.3 (noarch):

openconnect-lang-4.08-3.4.1


References:

http://support.novell.com/security/cve/CVE-2012-6128.html
https://bugzilla.novell.com/817152


< Previous Next >
This Thread
  • No further messages