Mailinglist Archive: opensuse-updates (200 mails)

< Previous Next >
openSUSE-SU-2013:1072-1: moderate: update for openconnect
openSUSE Security Update: update for openconnect
______________________________________________________________________________

Announcement ID: openSUSE-SU-2013:1072-1
Rating: moderate
References: #767616
Cross-References: CVE-2012-3291
Affected Products:
openSUSE 12.2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This openconnect update to version 3.20 includes several
security and bug fixes.
- fix bnc#767616
- fix for CVE-2012-3291
- make vpnc mandatory during build, following upstream
changes
- package documentation in a -doc package
- Update to version 3.20
* Cope with non-keepalive HTTP response on authentication
success.
* Fix progress callback with incorrect cbdata which
caused KDE crash.
- Update to version 3.19
* Enable native TPM support when built with GnuTLS.
* Enable PKCS#11 token support when built with GnuTLS.
* Eliminate all SSL library exposure through
libopenconnect.
* Parse split DNS information, provide $CISCO_SPLIT_DNS
environment variable to vpnc-script.
* Attempt to provide new-style MTU information to server
(on Linux only, unless specified on command line).
* Allow building against GnuTLS, including DTLS support.
* Add --with-pkgconfigdir= option to configure for
FreeBSD's benefit (fd#48743).
- Update to version 3.18
* Fix autohate breakage with --disable-nls... hopefully.
* Fix buffer overflow in banner handling.
- Update to version 3.17
* Work around time() brokenness on Solaris.
* Fix interface plumbing on Solaris 10.
* Provide asprintf() function for (unpatched) Solaris 10.
* Make vpnc-script mandatory, like it is for vpnc
* Don't set Legacy IP address on tun device; let
vpnc-script do it.
* Detect OpenSSL even without pkg-config.
* Stop building static library by default.
* Invoke vpnc-script with "pre-init" reason to load tun
module if necessary.
- Update to version 3.16
* Fix build failure on Debian/kFreeBSD and Hurd.
* Fix memory leak of deflated packets.
* Fix memory leak of zlib state on CSTP reconnect.
* Eliminate memcpy() calls on packets from DTLS and
tunnel device.
* Use I_LINK instead of I_PLINK on Solaris to plumb
interface for Legacy IP.
* Plumb interface for IPv6 on Solaris, instead of
expecting vpnc-script to do it.
* Refer to vpnc-script and help web pages in openconnect
output.
* Fix potential crash when processing libproxy results.
* Be more conservative in detecting libproxy without
pkg-config.


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.2:

zypper in -t patch openSUSE-2013-529

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 12.2 (i586 x86_64):

openconnect-3.20-2.4.1
openconnect-debuginfo-3.20-2.4.1
openconnect-debugsource-3.20-2.4.1
openconnect-devel-3.20-2.4.1
openconnect-doc-3.20-2.4.1

- openSUSE 12.2 (noarch):

openconnect-lang-3.20-2.4.1


References:

http://support.novell.com/security/cve/CVE-2012-3291.html
https://bugzilla.novell.com/767616


< Previous Next >
This Thread
  • No further messages