6 matches found
SUSE CVE-2020-7041
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509checkhost negative error code is interpreted as a successful return value...
openSUSE Security Update : openfortivpn (openSUSE-2020-301)
This update for openfortivpn to version 1.12.0 fixes the following issues : - CVE-2020-7043: Fixed a TLS Certificate CommonName NULL Byte Vulnerability boo1165301. - CVE-2020-7042: Fixed use of uninitialized memory in X509checkhost boo1165300. - CVE-2020-7041: Fixed incorrect use of X509checkhost...
Fedora 30 : openfortivpn (2020-42eb8821db)
Update to latest upstream version to fix CVE-2020-7041, CVE-2020-7042 and CVE-2020-7043. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible...
Security update for openfortivpn (important)
openSUSE Security Update: Security update for openfortivpn Announcement ID: openSUSE-SU-2020:0301-1 Rating: important References: 1165299 1165300 1165301 Cross-References: CVE-2020-7041 CVE-2020-7042 CVE-2020-7043 Affected Products: openSUSE Leap 15.1 An update that fixes three vulnerabilities is...
openSUSE: Security Advisory for openfortivpn (openSUSE-SU-2020:0301-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2020-7041
CVE-2020-7041 affects openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later; tunnel.c incorrectly treats an X509_check_host negative error as success, bypassing certificate hostname validation. This can permit an attacker to misverify credentials. Public advisories indicate fixes in later ope...