
Fedora 11: FEDORA-2009-8815 Critical: Neon DoS and MITM Issues

August 20, 2009
Upgrade neon to version 0.28.6 on Fedora 11 to mitigate Denial of Service and Man-In-The-Middle security risks.
This update includes the latest release of neon, version 0.28.6.

Summary

neon is an HTTP and WebDAV client library, with a C interface; providing a high-level interface to HTTP and WebDAV methods along with a low-level interface for HTTP request handling. neon supports persistent connections, proxy servers, basic, digest and Kerberos authentication, and has complete SSL support.

Update Information:

This update includes the latest release of neon, version 0.28.6. This fixes two security issues:

* the "billion laughs" attack against expat could allow a Denial of Service attack by a malicious server. (CVE-2009-2473)
* an embedded NUL byte in a certificate subject name could allow an undetected MITM attack against an SSL server if a trusted CA issues such a cert.
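The second issue belongs to a class of bug where a length-delimited certificate name is compared as a C string, so the comparison stops at the first NUL byte. The sketch below is an added illustration of that class, with a weak check beside a hardened one; it is not neon's code or the 0.28.6 patch, and the struct, function names and sample names are constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed type: a certificate name field as raw bytes plus a length,
 * the way ASN.1 strings arrive (they are not NUL-terminated). */
struct cert_name { const char *data; size_t len; };

/* Weak form: treats the field as a C string, so the comparison stops at
 * the first NUL byte and everything after it is silently ignored. */
int match_weak(const struct cert_name *cn, const char *host)
{
    return strcasecmp(cn->data, host) == 0;
}

/* Hardened form: refuse any name containing an embedded NUL, require the
 * full byte length to equal the hostname length, then compare. */
int match_strict(const struct cert_name *cn, const char *host)
{
    if (memchr(cn->data, '\0', cn->len) != NULL)
        return 0;                      /* embedded NUL: never a match */
    if (cn->len != strlen(host))
        return 0;
    return strncasecmp(cn->data, host, cn->len) == 0;
}

/* Constructed sample names using reserved example domains. */
static const char nul_bytes[] = "www.example.com\0.other.example.net";
static const struct cert_name NUL_NAME  = { nul_bytes, sizeof nul_bytes - 1 };
static const struct cert_name GOOD_NAME = { "www.example.com", 15 };

int main(void)
{
    const char *host = "www.example.com";
    printf("NUL name:  weak=%d strict=%d\n",
           match_weak(&NUL_NAME, host), match_strict(&NUL_NAME, host));
    printf("good name: weak=%d strict=%d\n",
           match_weak(&GOOD_NAME, host), match_strict(&GOOD_NAME, host));
    return 0;
}
```

The weak check accepts the NUL-bearing name for www.example.com while the strict check rejects it; both accept the clean name.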

Change Log

* Wed Aug 19 2009 Joe Orton 0.28.6-1
- update to 0.26.1
* Thu Jul 9 2009 Joe Orton 0.28.5-1
- update to 0.28.5 (#502451, #491839)

References

Fedora Update Notification
FEDORA-2009-8815
2009-08-20 20:34:04

Name        : neon
Product     : Fedora 11
Version     : 0.28.6
Release     : 1.fc11
URL         : http://www.webdav.org/neon/
Summary     : An HTTP and WebDAV client library
Description :
neon is an HTTP and WebDAV client library, with a C interface; providing a high-level interface to HTTP and WebDAV methods along with a low-level interface for HTTP request handling. neon supports persistent connections, proxy servers, basic, digest and Kerberos authentication, and has complete SSL support.

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update neon' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
