|
|
| Problem Description |
A number of various format string vulnerabilities were discovered in
the error output handling of Neon, the HTTP and WebDAV client library,
by Thomas Wana. These problems affect all versions of Neon from 0.19.0
up to and including 0.24.4.
All users are encouraged to upgrade. All client software using this
library is affected.
| Updated Packages |
Mandrakelinux 9.2
27cfdb8b6d01ff35b66e0fc2869c3684 9.2/RPMS/libneon0.24-0.24.5-0.1.92mdk.i586.rpm 4966905b742a48ca8217eeaaff61351f 9.2/RPMS/libneon0.24-devel-0.24.5-0.1.92mdk.i586.rpm f262d63f9a86605c63fa8aadfe486631 9.2/RPMS/libneon0.24-static-devel-0.24.5-0.1.92mdk.i586.rpm d4ea9089a6fe7b09f6effe42027135e9 9.2/SRPMS/libneon-0.24.5-0.1.92mdk.src.rpm
Mandrakelinux 9.2/AMD64
6ce668f23e819a8b4fc646f0f2e5357d amd64/9.2/RPMS/lib64neon0.24-0.24.5-0.1.92mdk.amd64.rpm 97185368e90d2faff99c1e5655535a42 amd64/9.2/RPMS/lib64neon0.24-devel-0.24.5-0.1.92mdk.amd64.rpm 20dec52552e5d6f903b374dd4b87d939 amd64/9.2/RPMS/lib64neon0.24-static-devel-0.24.5-0.1.92mdk.amd64.rpm d4ea9089a6fe7b09f6effe42027135e9 amd64/9.2/SRPMS/libneon-0.24.5-0.1.92mdk.src.rpm
Mandrakelinux 10.0
5016f52573f0dbac1ac0b6ddf0ba4808 10.0/RPMS/libneon0.24-0.24.5-0.1.100mdk.i586.rpm 6b60b330eedc14d35b908575ce41bd66 10.0/RPMS/libneon0.24-devel-0.24.5-0.1.100mdk.i586.rpm 55323bb21b265acd84e305f1d965eecc 10.0/RPMS/libneon0.24-static-devel-0.24.5-0.1.100mdk.i586.rpm a2f6b036d1324c66a8c4f4cf7ea63c60 10.0/SRPMS/libneon-0.24.5-0.1.100mdk.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0179
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.