Ubuntu
openconnect package

CVE-2012-3291: Heap-based buffer overflow in OpenConnect

Bug #1013946 reported by Karma Dorje on 2012-06-16

260

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	openconnect (Debian)	Fix Released	Unknown	debbugs #677594
	openconnect (Ubuntu)	Fix Released	Undecided	Unassigned

CVE-2012-3291 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3291):
Heap-based buffer overflow in OpenConnect 3.18 allows remote servers to
cause a denial of service via a crafted greeting banner.

Karma Dorje (taaroa) on 2012-06-16

affects:

openconnect → openconnect (Ubuntu)

Bug Watch Updater (bug-watch-updater) on 2012-06-16

Changed in openconnect (Debian):
status:	Unknown → New

Bug Watch Updater (bug-watch-updater) on 2012-06-21

Changed in openconnect (Debian):
status:	New → Fix Released

Karma Dorje (taaroa) on 2012-06-22

security vulnerability:	yes → no
visibility:	private → public

Karma Dorje (taaroa) on 2012-06-22

security vulnerability:

no → yes

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2012-06-22:

Quantal now has 3.20-2.

Changed in openconnect (Ubuntu):
status:	New → Fix Released

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Bug watches keep track of this bug in other bug trackers.