openSUSE Local Security Checks : openSUSE Security Advisory (SUSE-SU-2024:0317-1)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.18.2.2024.0317.1

Categoría: openSUSE Local Security Checks

Título: openSUSE Security Advisory (SUSE-SU-2024:0317-1)

Resumen: The remote host is missing an update for the 'openconnect' package(s) announced via the SUSE-SU-2024:0317-1 advisory.

Descripción: Summary:
The remote host is missing an update for the 'openconnect' package(s) announced via the SUSE-SU-2024:0317-1 advisory.

Vulnerability Insight:
This update for openconnect fixes the following issues:

- Update to release 9.12:

* Explicitly reject overly long tun device names.
* Increase maximum input size from stdin (#579).
* Ignore 0.0.0.0 as NBNS address (!446, vpnc-scripts#58).
* Fix stray (null) in URL path after Pulse authentication (4023bd95).
* Fix config XML parsing mistake that left GlobalProtect ESP non-working in v9.10 (!475).
* Fix case sensitivity in GPST header matching (!474).

- Update to release 9.10:

* Fix external browser authentication with KDE plasma-nm < 5.26.
* Always redirect stdout to stderr when spawning external browser.
* Increase default queue length to 32 packets.
* Fix receiving multiple packets in one TLS frame, and single packets split across multiple TLS frames, for Array.
* Handle idiosyncratic variation in search domain separators for all protocols
* Support region selection field for Pulse authentication
* Support modified configuration packet from Pulse 9.1R16 servers
* Allow hidden form fields to be populated or converted to text fields on the command line
* Support yet another strange way of encoding challenge-based 2FA for GlobalProtect
* Add --sni option (and corresponding C and Java API functions) to allow domain-fronting connections in censored/filtered network environments
* Parrot a GlobalProtect server's software version, if present, as the client version (!333)
* Fix NULL pointer dereference that has left Android builds broken since v8.20 (!389).
* Fix Fortinet authentication bug where repeated SVPNCOOKIE causes segfaults (#514, !418).
* Support F5 VPNs which encode authentication forms only in JSON, not in HTML.
* Support simultaneous IPv6 and Legacy IP ('dual-stack') for Fortinet .
* Support 'FTM-push' token mode for Fortinet VPNs .
* Send IPv6-compatible version string in Pulse IF/T session establishment
* Add --no-external-auth option to not advertise external-browser authentication
* Many small improvements in server response parsing, and better logging messages and documentation.

- Update to release 9.01:

* Add support for AnyConnect 'Session Token Re-use Anchor Protocol' (STRAP)
* Add support for AnyConnect 'external browser' SSO mode
* Bugfix RSA SecurID token decryption and PIN entry forms, broken in v8.20
* Support Cisco's multiple-certificate authentication
* Revert GlobalProtect default route handling change from v8.20
* Suppo split-exclude routes for Fortinet
* Add webview callback and SAML/SSO support for AnyConnect, GlobalProtect

- Update to release 8.20:

* Support non-AEAD ciphersuites in DTLSv1.2 with AnyConnect.
* Emulated a newer version of GlobalProtect official clients,
5.1.5-8, was 4.0.2-19
* Support Juniper login forms containing both password and 2FA
token
* Explicitly disable 3DES and RC4, unless enabled with
--allow-insecure-crypto
* Allow protocols to delay tunnel setup and shutdown (!117)
* ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'openconnect' package(s) on openSUSE Leap 15.5.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2018-20319
Common Vulnerability Exposure (CVE) ID: CVE-2020-12105
https://security.gentoo.org/glsa/202006-15
https://gitlab.com/openconnect/openconnect/-/merge_requests/96
SuSE Security Announcement: openSUSE-SU-2020:0694 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00039.html
Common Vulnerability Exposure (CVE) ID: CVE-2020-12823
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYSXLXAPXD2T73T6JMHI5G2WP7KHAGMN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEVTIH5UFX35CC7MVSYBGRM3D66ACFD5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/25MFX4AZE7RDCUWOL4ZOE73YBOPUMQDX/
https://bugs.gentoo.org/721570
https://gitlab.com/openconnect/openconnect/-/merge_requests/108
https://lists.debian.org/debian-lts-announce/2020/05/msg00015.html
SuSE Security Announcement: openSUSE-SU-2020:0997 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00039.html
SuSE Security Announcement: openSUSE-SU-2020:1027 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00056.html

Copyright Copyright (C) 2025 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.18.2.2024.0317.1
Categoría:	openSUSE Local Security Checks
Título:	openSUSE Security Advisory (SUSE-SU-2024:0317-1)
Resumen:	The remote host is missing an update for the 'openconnect' package(s) announced via the SUSE-SU-2024:0317-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'openconnect' package(s) announced via the SUSE-SU-2024:0317-1 advisory. Vulnerability Insight: This update for openconnect fixes the following issues: - Update to release 9.12: * Explicitly reject overly long tun device names. * Increase maximum input size from stdin (#579). * Ignore 0.0.0.0 as NBNS address (!446, vpnc-scripts#58). * Fix stray (null) in URL path after Pulse authentication (4023bd95). * Fix config XML parsing mistake that left GlobalProtect ESP non-working in v9.10 (!475). * Fix case sensitivity in GPST header matching (!474). - Update to release 9.10: * Fix external browser authentication with KDE plasma-nm < 5.26. * Always redirect stdout to stderr when spawning external browser. * Increase default queue length to 32 packets. * Fix receiving multiple packets in one TLS frame, and single packets split across multiple TLS frames, for Array. * Handle idiosyncratic variation in search domain separators for all protocols * Support region selection field for Pulse authentication * Support modified configuration packet from Pulse 9.1R16 servers * Allow hidden form fields to be populated or converted to text fields on the command line * Support yet another strange way of encoding challenge-based 2FA for GlobalProtect * Add --sni option (and corresponding C and Java API functions) to allow domain-fronting connections in censored/filtered network environments * Parrot a GlobalProtect server's software version, if present, as the client version (!333) * Fix NULL pointer dereference that has left Android builds broken since v8.20 (!389). * Fix Fortinet authentication bug where repeated SVPNCOOKIE causes segfaults (#514, !418). * Support F5 VPNs which encode authentication forms only in JSON, not in HTML. * Support simultaneous IPv6 and Legacy IP ('dual-stack') for Fortinet . * Support 'FTM-push' token mode for Fortinet VPNs . * Send IPv6-compatible version string in Pulse IF/T session establishment * Add --no-external-auth option to not advertise external-browser authentication * Many small improvements in server response parsing, and better logging messages and documentation. - Update to release 9.01: * Add support for AnyConnect 'Session Token Re-use Anchor Protocol' (STRAP) * Add support for AnyConnect 'external browser' SSO mode * Bugfix RSA SecurID token decryption and PIN entry forms, broken in v8.20 * Support Cisco's multiple-certificate authentication * Revert GlobalProtect default route handling change from v8.20 * Suppo split-exclude routes for Fortinet * Add webview callback and SAML/SSO support for AnyConnect, GlobalProtect - Update to release 8.20: * Support non-AEAD ciphersuites in DTLSv1.2 with AnyConnect. * Emulated a newer version of GlobalProtect official clients, 5.1.5-8, was 4.0.2-19 * Support Juniper login forms containing both password and 2FA token * Explicitly disable 3DES and RC4, unless enabled with --allow-insecure-crypto * Allow protocols to delay tunnel setup and shutdown (!117) * ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'openconnect' package(s) on openSUSE Leap 15.5. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-20319 Common Vulnerability Exposure (CVE) ID: CVE-2020-12105 https://security.gentoo.org/glsa/202006-15 https://gitlab.com/openconnect/openconnect/-/merge_requests/96 SuSE Security Announcement: openSUSE-SU-2020:0694 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00039.html Common Vulnerability Exposure (CVE) ID: CVE-2020-12823 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYSXLXAPXD2T73T6JMHI5G2WP7KHAGMN/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEVTIH5UFX35CC7MVSYBGRM3D66ACFD5/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/25MFX4AZE7RDCUWOL4ZOE73YBOPUMQDX/ https://bugs.gentoo.org/721570 https://gitlab.com/openconnect/openconnect/-/merge_requests/108 https://lists.debian.org/debian-lts-announce/2020/05/msg00015.html SuSE Security Announcement: openSUSE-SU-2020:0997 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00039.html SuSE Security Announcement: openSUSE-SU-2020:1027 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00056.html
Copyright	Copyright (C) 2025 Greenbone AG