DSA-4607 openconnect - security update
|
Información sobre el sistema
|
|
|
Software afectado |
Debian |
Descripción
|
Lukas Kupczyk reported a vulnerability in the handling of chunked HTTPin openconnect, an open client for Cisco AnyConnect, Pulse andGlobalProtect VPN. A malicious HTTP server (after having accepted itsidentity certificate), can provide bogus chunk lengths for chunked HTTPencoding and cause a heap-based buffer overflow.
More info:
https://www.debian.org/security/2020/dsa-4607 |
Identificadores estándar
|
Propiedad |
Valor |
CVE |
CVE-2019-16239 and DSA-4607. |