libopenconnect5-8.10-2.6 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11114 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libopenconnect5-8.10-2.6 on GA media These are all security issues fixed in the libopenconnect5-8.10-2.6 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11114 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11114 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2018-20319/ SUSE CVE CVE-2018-20319 page https://www.suse.com/security/cve/CVE-2020-12105/ SUSE CVE CVE-2020-12105 page https://www.suse.com/security/cve/CVE-2020-12823/ SUSE CVE CVE-2020-12823 page openSUSE Tumbleweed libopenconnect5-8.10-2.6 openconnect-8.10-2.6 openconnect-bash-completion-8.10-2.6 openconnect-devel-8.10-2.6 openconnect-doc-8.10-2.6 openconnect-lang-8.10-2.6 libopenconnect5-8.10-2.6 as a component of openSUSE Tumbleweed openconnect-8.10-2.6 as a component of openSUSE Tumbleweed openconnect-bash-completion-8.10-2.6 as a component of openSUSE Tumbleweed openconnect-devel-8.10-2.6 as a component of openSUSE Tumbleweed openconnect-doc-8.10-2.6 as a component of openSUSE Tumbleweed openconnect-lang-8.10-2.6 as a component of openSUSE Tumbleweed ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2018-20319 openSUSE Tumbleweed:libopenconnect5-8.10-2.6 openSUSE Tumbleweed:openconnect-8.10-2.6 openSUSE Tumbleweed:openconnect-bash-completion-8.10-2.6 openSUSE Tumbleweed:openconnect-devel-8.10-2.6 openSUSE Tumbleweed:openconnect-doc-8.10-2.6 openSUSE Tumbleweed:openconnect-lang-8.10-2.6 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-20319.html CVE-2018-20319 https://bugzilla.suse.com/1215669 SUSE Bug 1215669 OpenConnect through 8.08 mishandles negative return values from X509_check_ function calls, which might assist attackers in performing man-in-the-middle attacks. CVE-2020-12105 openSUSE Tumbleweed:libopenconnect5-8.10-2.6 openSUSE Tumbleweed:openconnect-8.10-2.6 openSUSE Tumbleweed:openconnect-bash-completion-8.10-2.6 openSUSE Tumbleweed:openconnect-devel-8.10-2.6 openSUSE Tumbleweed:openconnect-doc-8.10-2.6 openSUSE Tumbleweed:openconnect-lang-8.10-2.6 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-12105.html CVE-2020-12105 https://bugzilla.suse.com/1170452 SUSE Bug 1170452 OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c. CVE-2020-12823 openSUSE Tumbleweed:libopenconnect5-8.10-2.6 openSUSE Tumbleweed:openconnect-8.10-2.6 openSUSE Tumbleweed:openconnect-bash-completion-8.10-2.6 openSUSE Tumbleweed:openconnect-devel-8.10-2.6 openSUSE Tumbleweed:openconnect-doc-8.10-2.6 openSUSE Tumbleweed:openconnect-lang-8.10-2.6 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-12823.html CVE-2020-12823 https://bugzilla.suse.com/1171862 SUSE Bug 1171862