Bug 421273 (CVE-2012-3291) - <net-misc/openconnect-4.07-r1: buffer overflow (CVE-2012-3291)
Summary: <net-misc/openconnect-4.07-r1: buffer overflow (CVE-2012-3291)
Status: RESOLVED FIXED
Alias: CVE-2012-3291
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL: http://nvd.nist.gov/nvd.cfm?cvename=C...
Whiteboard: ~3 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2012-06-15 19:54 UTC by GLSAMaker/CVETool Bot
Modified: 2012-12-16 16:30 UTC

See Also:
Package list:
Runtime testing required: ---


Description GLSAMaker/CVETool Bot gentoo-dev 2012-06-15 19:54:19 UTC
CVE-2012-3291 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3291):
  Heap-based buffer overflow in OpenConnect 3.18 allows remote servers to
  cause a denial of service via a crafted greeting banner.
Comment 1 Stuart Luppescu 2012-06-20 19:29:15 UTC
So, the author of the package, David Woodhouse, just released version 4.00, which includes support for GnuTLS, as well as lots of other neat stuff. Good time to update the ebuild.

"This release has full functionality even with GnuTLS 2.12, although it
uses OpenSSL for DTLS in that case. The GnuTLS support code is cleaned
up a little... and then made messier by adding support for the old
OpenSSL encrypted PEM files."


ftp://ftp.infradead.org/pub/openconnect/openconnect-4.00.tar.gz
ftp://ftp.infradead.org/pub/openconnect/openconnect-4.00.tar.gz.asc
Comment 2 Pacho Ramos gentoo-dev 2012-12-15 17:55:33 UTC
4.07-r1 was added
Comment 3 Sean Amoss (RETIRED) gentoo-dev Security 2012-12-16 16:30:09 UTC
(In reply to comment #2)
> 4.07-r1 was added

Thanks, Pacho.

Please don't forget to clean up vulnerable versions.

Closing noglsa for ~arch only.