CVE-2009-5009
Published: 14 October 2010
Double free vulnerability in OpenConnect before 1.40 might allow remote AnyConnect SSL VPN servers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted DTLS Cipher option during a reconnect operation.
Priority
Status
Package | Release | Status |
---|---|---|
openconnect Launchpad, Ubuntu, Debian |
upstream |
Released
(1.40)
|
dapper |
Does not exist
|
|
hardy |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Not vulnerable
(fixed in 1.40-1)
|
|
lucid |
Not vulnerable
(fixed in 1.40-1)
|
|
maverick |
Not vulnerable
(fixed in 1.40-1)
|
|
natty |
Not vulnerable
(fixed in 1.40-1)
|