Test ID: | 1.3.6.1.4.1.25623.1.1.18.2.2024.0317.1 |
Category: | openSUSE Local Security Checks |
Title: | openSUSE Security Advisory (SUSE-SU-2024:0317-1) |
Summary: | The remote host is missing an update for the 'openconnect' package(s) announced via the SUSE-SU-2024:0317-1 advisory. |
Description: |
Summary: The remote host is missing an update for the 'openconnect' package(s) announced via the SUSE-SU-2024:0317-1 advisory.

Vulnerability Insight: This update for openconnect fixes the following issues:

- Update to release 9.12:
  * Explicitly reject overly long tun device names.
  * Increase maximum input size from stdin (#579).
  * Ignore 0.0.0.0 as NBNS address (!446, vpnc-scripts#58).
  * Fix stray (null) in URL path after Pulse authentication (4023bd95).
  * Fix config XML parsing mistake that left GlobalProtect ESP non-working in v9.10 (!475).
  * Fix case sensitivity in GPST header matching (!474).
- Update to release 9.10:
  * Fix external browser authentication with KDE plasma-nm < 5.26.
  * Always redirect stdout to stderr when spawning external browser.
  * Increase default queue length to 32 packets.
  * Fix receiving multiple packets in one TLS frame, and single packets split across multiple TLS frames, for Array.
  * Handle idiosyncratic variation in search domain separators for all protocols
  * Support region selection field for Pulse authentication
  * Support modified configuration packet from Pulse 9.1R16 servers
  * Allow hidden form fields to be populated or converted to text fields on the command line
  * Support yet another strange way of encoding challenge-based 2FA for GlobalProtect
  * Add --sni option (and corresponding C and Java API functions) to allow domain-fronting connections in censored/filtered network environments
  * Parrot a GlobalProtect server's software version, if present, as the client version (!333)
  * Fix NULL pointer dereference that has left Android builds broken since v8.20 (!389).
  * Fix Fortinet authentication bug where repeated SVPNCOOKIE causes segfaults (#514, !418).
  * Support F5 VPNs which encode authentication forms only in JSON, not in HTML.
  * Support simultaneous IPv6 and Legacy IP ('dual-stack') for Fortinet.
  * Support 'FTM-push' token mode for Fortinet VPNs.
  * Send IPv6-compatible version string in Pulse IF/T session establishment
  * Add --no-external-auth option to not advertise external-browser authentication
  * Many small improvements in server response parsing, and better logging messages and documentation.
- Update to release 9.01:
  * Add support for AnyConnect 'Session Token Re-use Anchor Protocol' (STRAP)
  * Add support for AnyConnect 'external browser' SSO mode
  * Bugfix RSA SecurID token decryption and PIN entry forms, broken in v8.20
  * Support Cisco's multiple-certificate authentication
  * Revert GlobalProtect default route handling change from v8.20
  * Support split-exclude routes for Fortinet
  * Add webview callback and SAML/SSO support for AnyConnect, GlobalProtect
- Update to release 8.20:
  * Support non-AEAD ciphersuites in DTLSv1.2 with AnyConnect.
  * Emulated a newer version of GlobalProtect official clients, 5.1.5-8, was 4.0.2-19
  * Support Juniper login forms containing both password and 2FA token
  * Explicitly disable 3DES and RC4, unless enabled with --allow-insecure-crypto
  * Allow protocols to delay tunnel setup and shutdown (!117)
  * ...

[Please see the references for more information on the vulnerabilities]

Affected Software/OS: 'openconnect' package(s) on openSUSE Leap 15.5.

Solution: Please install the updated package(s).

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2018-20319

Common Vulnerability Exposure (CVE) ID: CVE-2020-12105
- https://security.gentoo.org/glsa/202006-15
- https://gitlab.com/openconnect/openconnect/-/merge_requests/96
- SuSE Security Announcement: openSUSE-SU-2020:0694
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00039.html

Common Vulnerability Exposure (CVE) ID: CVE-2020-12823
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYSXLXAPXD2T73T6JMHI5G2WP7KHAGMN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEVTIH5UFX35CC7MVSYBGRM3D66ACFD5/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/25MFX4AZE7RDCUWOL4ZOE73YBOPUMQDX/
- https://bugs.gentoo.org/721570
- https://gitlab.com/openconnect/openconnect/-/merge_requests/108
- https://lists.debian.org/debian-lts-announce/2020/05/msg00015.html
- SuSE Security Announcement: openSUSE-SU-2020:0997
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00039.html
- SuSE Security Announcement: openSUSE-SU-2020:1027
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00056.html |
Copyright | Copyright (C) 2025 Greenbone AG |