Bug 9083 - openconnect new security issue CVE-2012-6128
: openconnect new security issue CVE-2012-6128
Product: Mageia
Classification: Unclassified
Component: Security
: 2
: i586 Linux
: Normal Severity: normal
: ---
Assigned To: QA Team
: http://lwn.net/Vulnerabilities/538436/
: has_procedure mga2-64-ok mga2-32-ok
: validated_update
  Show dependency treegraph
Reported: 2013-02-15 22:22 CET by David Walser
Modified: 2013-02-21 22:02 CET (History)
2 users (show)

See Also:
Source RPM: openconnect-3.15-2.1.mga2.src.rpm
Status comment:


Description David Walser 2013-02-15 22:22:28 CET
Debian has issued an advisory on February 14:

Patched packages uploaded for Mageia 2 and Cauldron.


Updated openconnect packages fix security vulnerability:

A stack-based buffer overflow flaw was found in the way OpenConnect, a client
for Cisco's "AnyConnect" VPN, performed processing of certain host names,
paths, or cookie lists, received from the VPN gateway. A remote VPN gateway
could provide a specially-crafted host name, path or cookie list that, when
processed by the openconnect client would lead to openconnect executable
crash (CVE-2012-6128).


Updated packages in core/updates_testing:

from openconnect-3.15-2.2.mga2.src.rpm
Comment 1 claire robinson 2013-02-18 12:51:48 CET
"The program openconnect connects to Cisco "AnyConnect" VPN servers"

Expecting the connection to fail as it's attempting to connect to apache.
Just testing with..

# openconnect -v localhost
Attempting to connect to
SSL negotiation with localhost
Server certificate verify failed: self signed certificate

Certificate from VPN server "localhost" failed verification.
Reason: self signed certificate
Enter 'yes' to accept, 'no' to abort; anything else to view: yes
Connected to HTTPS on localhost
GET https://localhost/
Got HTTP response: HTTP/1.1 200 OK
Date: Mon, 18 Feb 2013 11:21:04 GMT
Server: Apache/2.2.23 (Mageia/PREFORK-1.mga2)
Last-Modified: Wed, 02 May 2012 21:31:48 GMT
ETag: "xxxxx-xx-xxxxxxxxxx"
Accept-Ranges: bytes
Content-Length: 131
Content-Type: text/html
HTTP body length:  (131)
Unknown response from server
Failed to obtain WebVPN cookie

Testing complete mga2 64
Comment 2 David Walser 2013-02-18 14:43:24 CET
The patch for this is pretty invasive, so if we could find someone with access to a VPN server to test that this actually works, that would be good.
Comment 3 claire robinson 2013-02-18 16:36:11 CET
Do you know of anyone?
Comment 4 claire robinson 2013-02-18 17:01:08 CET
Tested with a url found on redhat bugzilla

# openconnect -v vpn.playdom.com

Connects ok, answering yes to accept the self signed cert and only fails user authentication, due to not having a valid login.
Comment 5 claire robinson 2013-02-18 18:11:45 CET
Tested ok mga2 32


Advisory & srpm in comment 0

Could sysadmin please push from core/updates_testing to core/updates

Comment 6 Thomas Backlund 2013-02-21 22:02:27 CET
Update pushed:

Note You need to log in before you can comment on or make changes to this bug.