|
|
| Problem Description |
An array index error in the URI parser in neon 0.26.0 to 0.26.2 could
possibly allow remote malicious servers to cause a crash via a URI with
non-ASCII characters. This vulnerability may only exist on 64bit
systems.
Updated packages are patched to address this issue.
| Updated Packages |
Mandriva Linux 2007
1421f85cd23952a83277e289fb45cfaa 2007.0/i586/libneon0.26-0.26.1-2.1mdv2007.0.i586.rpm 07660fed4e901cec7f221662b84c0065 2007.0/i586/libneon0.26-devel-0.26.1-2.1mdv2007.0.i586.rpm 9ea39f058c170f92e3b64456a016bc2c 2007.0/i586/libneon0.26-static-devel-0.26.1-2.1mdv2007.0.i586.rpm 16dfa5adfcf08105e6a95ee6cc3a3c24 2007.0/SRPMS/libneon0.26-0.26.1-2.1mdv2007.0.src.rpm
Mandriva Linux 2007/X86_64
a1f3cf9e84b0c51c88751064a365b511 2007.0/x86_64/lib64neon0.26-0.26.1-2.1mdv2007.0.x86_64.rpm add591ef02ed13504a839a9c8b6030dc 2007.0/x86_64/lib64neon0.26-devel-0.26.1-2.1mdv2007.0.x86_64.rpm 559f542e49f886a14176312679c6517d 2007.0/x86_64/lib64neon0.26-static-devel-0.26.1-2.1mdv2007.0.x86_64.rpm 16dfa5adfcf08105e6a95ee6cc3a3c24 2007.0/SRPMS/libneon0.26-0.26.1-2.1mdv2007.0.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0157
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.