Support / Security / Advisories / Mandrakelinux 9.2 / MDKSA-2004:032

Package name: libneon
Date: 2004-04-19
Advisory ID: MDKSA-2004:032
Affected versions: 9.2 i586 , 9.2 amd64 , 10.0 i586

Problem description

A number of various format string vulnerabilities were discovered in the error output handling of Neon, the HTTP and WebDAV client library, by Thomas Wana. These problems affect all versions of Neon from 0.19.0 up to and including 0.24.4. All users are encouraged to upgrade. All client software using this library is affected.

Updated packages

9.2 i586

 27cfdb8b6d01ff35b66e0fc2869c3684  9.2/RPMS/libneon0.24-0.24.5-0.1.92mdk.i586.rpm
4966905b742a48ca8217eeaaff61351f  9.2/RPMS/libneon0.24-devel-0.24.5-0.1.92mdk.i586.rpm
f262d63f9a86605c63fa8aadfe486631  9.2/RPMS/libneon0.24-static-devel-0.24.5-0.1.92mdk.i586.rpm
d4ea9089a6fe7b09f6effe42027135e9  9.2/SRPMS/libneon-0.24.5-0.1.92mdk.src.rpm

9.2 amd64

 6ce668f23e819a8b4fc646f0f2e5357d  amd64/9.2/RPMS/lib64neon0.24-0.24.5-0.1.92mdk.amd64.rpm
97185368e90d2faff99c1e5655535a42  amd64/9.2/RPMS/lib64neon0.24-devel-0.24.5-0.1.92mdk.amd64.rpm
20dec52552e5d6f903b374dd4b87d939  amd64/9.2/RPMS/lib64neon0.24-static-devel-0.24.5-0.1.92mdk.amd64.rpm
d4ea9089a6fe7b09f6effe42027135e9  amd64/9.2/SRPMS/libneon-0.24.5-0.1.92mdk.src.rpm

10.0 i586

 5016f52573f0dbac1ac0b6ddf0ba4808  10.0/RPMS/libneon0.24-0.24.5-0.1.100mdk.i586.rpm
6b60b330eedc14d35b908575ce41bd66  10.0/RPMS/libneon0.24-devel-0.24.5-0.1.100mdk.i586.rpm
55323bb21b265acd84e305f1d965eecc  10.0/RPMS/libneon0.24-static-devel-0.24.5-0.1.100mdk.i586.rpm
a2f6b036d1324c66a8c4f4cf7ea63c60  10.0/SRPMS/libneon-0.24.5-0.1.100mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0179