Fedora 10 Update: neon-0.28.6-1.fc10
Summary
neon is an HTTP and WebDAV client library, with a C interface;
providing a high-level interface to HTTP and WebDAV methods along
with a low-level interface for HTTP request handling. neon
supports persistent connections, proxy servers, basic, digest and
Kerberos authentication, and has complete SSL support.
Update Information:
This update includes the latest release of neon, version 0.28.6. This fixes two security issues: * the "billion laughs" attack against expat could allow a Denial of Service attack by a malicious server. (CVE-2009-2473) * an embedded NUL byte in a certificate subject name could allow an undetected MITM attack against an SSL server if a trusted CA issues such a cert. Several bug fixes are also included, notably: * X.509v1 CA certificates are trusted by default * Fix handling of some PKCS#12 certificates
Change Log
* Wed Aug 19 2009 Joe Orton
References
[ 1 ] Bug #502451 - X509v1 CA certificate is not trusted https://bugzilla.redhat.com/show_bug.cgi?id=502451
Update Instructions
This update can be installed with the "yum" update program. Use su -c 'yum update neon' at the command line. For more information, refer to "Managing Software with yum", available at .