openSUSE has issued an advisory on October 27: https://lists.opensuse.org/opensuse-updates/2019-10/msg00154.html The issue is fixed upstream in 8.05.
Updated package uploaded by David. Advisory: ======================== Updated openconnect packages fix security vulnerability: Buffer overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes (CVE-2019-16239). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16239 https://lists.opensuse.org/opensuse-updates/2019-10/msg00154.html ======================== Updated packages in core/updates_testing: ======================== openconnect-8.05-1.mga7 libopenconnect5-8.05-1.mga7 libopenconnect-devel-8.05-1.mga7 from openconnect-8.05-1.mga7.src.rpm
CC: (none) => geiger.david68210Assignee: geiger.david68210 => qa-bugs
I have tried install. All ok in Mga 7 Virtualbox x64
CC: (none) => joselp
MGA7-64 Plasma on Lenovo B50 No installation issues. No experience with VPN try command anyway (feedback translated fom Dutch): # openconnect <mydesktop> POST https://<mydesktop> Conneted with xxx.yyy.z1.z2:443 (this PC has port 443 open) SSL align (or tune?) with <mydesktop> Servercertificaat verificatie failed: subscriber not found Certificate of VPN-server "<mydesktop>" verification failed. Reason: subscriber not found To trust this server in future, you can add this to your command line: --servercert pin-sha256:cRXAHq/hyCizsPFP/bbZHe5uS4dL8OfiUr19M0exc7k= Input 'ja' to accept, 'no' to abort; something else to check: X.509 Certificate Information: Version: 1 Serial Number (hex): 0086605022d2ea660f Issuer: EMAIL=root@localhost,OU=default httpd cert for localhost,CN=localhost and more info on the signature That's as far as I go.
CC: (none) => herman.viaene
No experience with VPNs here, either. Looked into it a bit with regard to free VPN servers, and all that I found seem to use a different package to set up connections. Further exploration is beyond me. OKing this based on two clean installs. Validating. Advisory in Comment 1.
Whiteboard: (none) => MGA7-64-OKCC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
CC: (none) => tmbKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0005.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED