Support / Security / Advisories / Mandriva Linux 2008.1 / MDVSA-2009:074

Package name: libneon0.27
Date: 2009-03-10
Advisory ID: MDVSA-2009:074
Affected versions: 2008.1 x86_64 , 2008.1 i586

Problem description

A security vulnerability has been identified and fixed in neon:

neon 0.28.0 through 0.28.2 allows remote servers to cause a denial
of service (NULL pointer dereference and crash) via vectors related
to Digest authentication and Digest domain parameter support
(CVE-2008-3746).

The updated packages have been upgraded to version 0.28.3 to prevent
this.

Updated packages

2008.1 x86_64

 a7091162b22e4cc4867ff14c2e1e148b  2008.1/x86_64/lib64neon0.27-0.28.3-0.1mdv2008.1.x86_64.rpm
 7d339c49a29e1f085b7891b00d9874bd  2008.1/x86_64/lib64neon0.27-devel-0.28.3-0.1mdv2008.1.x86_64.rpm
 aefc2f7ee536e7320acfdd5a372b27d7  2008.1/x86_64/lib64neon0.27-static-devel-0.28.3-0.1mdv2008.1.x86_64.rpm 
 bbc96d8ecbab40b712555304c0d1d9b9  2008.1/SRPMS/libneon0.27-0.28.3-0.1mdv2008.1.src.rpm

2008.1 i586

 beb5301d9902f1a4d6bb3cab6784b732  2008.1/i586/libneon0.27-0.28.3-0.1mdv2008.1.i586.rpm
 e998fa1ce0cce31253af85025823e7f9  2008.1/i586/libneon0.27-devel-0.28.3-0.1mdv2008.1.i586.rpm
 a76d49ba8ab6dd386c3dbc2ecac05ee1  2008.1/i586/libneon0.27-static-devel-0.28.3-0.1mdv2008.1.i586.rpm 
 bbc96d8ecbab40b712555304c0d1d9b9  2008.1/SRPMS/libneon0.27-0.28.3-0.1mdv2008.1.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3746