USN-4565-1: OpenConnect vulnerability
5 October 2020
OpenConnect could be made to crash if it received specially crafted input.
Releases
Packages
- openconnect - An SSL VPN client
Details
It was discovered that OpenConnect has a buffer overflow when a malicious
server uses HTTP chunked encoding with crafted chunk sizes. An attacker
could use it to provoke a denial of service (crash).
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04
In general, a standard system update will make all the necessary changes.