
Fedora alert FEDORA-2009-8794 (neon)

Subject:  [SECURITY] Fedora 10 Update: neon-0.28.6-1.fc10
Date:  Thu, 20 Aug 2009 20:59:38 +0000

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-8794
2009-08-20 20:33:40
--------------------------------------------------------------------------------

Name        : neon
Product     : Fedora 10
Version     : 0.28.6
Release     : 1.fc10
URL         :
Summary     : An HTTP and WebDAV client library
Description :
neon is an HTTP and WebDAV client library, with a C interface;
providing a high-level interface to HTTP and WebDAV methods along
with a low-level interface for HTTP request handling. neon
supports persistent connections, proxy servers, basic, digest and
Kerberos authentication, and has complete SSL support.

--------------------------------------------------------------------------------
Update Information:

This update includes the latest release of neon, version 0.28.6. This fixes
two security issues:

* the "billion laughs" attack against expat could allow a Denial of Service
  attack by a malicious server. (CVE-2009-2473)
* an embedded NUL byte in a certificate subject name could allow an undetected
  MITM attack against an SSL server if a trusted CA issues such a cert.

Several bug fixes are also included, notably:

* X.509v1 CA certificates are trusted by default
* Fix handling of some PKCS#12 certificates

--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 19 2009 Joe Orton <> 0.28.6-1
- update to 0.28.6
* Fri May 29 2009 Joe Orton <> 0.28.4-1.1
- trust V1 CA certs by default (#502451)
* Fri Mar 6 2009 Joe Orton <> 0.28.4-1
- update to 0.28.4
* Mon Jan 19 2009 Joe Orton <> 0.28.3-3
- use install-p in "make install" (Robert Scheck, #226189)

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #502451 - X509v1 CA certificate is not trusted

--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update neon' at the command line. For more information, refer to
"Managing Software with yum", available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at

--------------------------------------------------------------------------------
_______________________________________________
Fedora-package-announce mailing list
