[<prev] [next>] [day] [month] [year] [list]
Message-ID: <87ehgiersy.fsf@mid.deneb.enyo.de>
Date: Thu, 14 Feb 2013 18:19:57 +0100
From: Florian Weimer <fw@...eb.enyo.de>
To: debian-security-announce@...ts.debian.org
Subject: [SECURITY] [DSA 2623-1] openconnect security
update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2623-1 security@...ian.org
http://www.debian.org/security/ Florian Weimer
February 14, 2013 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : openconnect
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-6128
Kevin Cernekee discovered that a malicious VPN gateway can send
crafted responses which trigger stack-based buffer overflows.
For the stable distribution (squeeze), this problem has been fixed in
version 2.25-0.1+squeeze2.
We recommend that you upgrade your openconnect packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJRHR74AAoJEL97/wQC1SS+bb0IAJJsKIsF5yBv9kDifVeGbvpR
no4jMiqZpNbMvOD7lEqXkXCcdtKHhDiNrp1qUkj1qj0HAvHvYDW4MybIpcTTrzTr
Jh1qYmtdkF0zr7/4JYEc1zLdPy4ZdfkHppAMI1Tk4jR5qBhavhtNs8cZ4aJmhVTO
hel8O2mkTMSgUdsA7ig4TL7LuuvRSeA/Hd5AwinXjT5vCpBzPH0GlIWPoCiQoL5T
sK4C1Y5dVUEMyVn3MQVoKYzs3FS8Gys1iPVmUVAw9sh94oXAXEsj6KkShsuqG2ri
SS67oYeBo1xYkzW25uVTnQndZQqLQtAaSZ7ai9csEeGNHAhkv9VizxhvhGZX1q8=
=/dNn
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists