Описание
ELSA-2009-1452: neon security update (MODERATE)
[0.25.5-10.el5_4.1]
- add security fixes for CVE-2009-2473 CVE-2009-2474 (#521788)
Обновленные пакеты
Oracle Linux 5
Oracle Linux ia64
neon
0.25.5-10.el5_4.1
neon-devel
0.25.5-10.el5_4.1
Oracle Linux x86_64
neon
0.25.5-10.el5_4.1
neon-devel
0.25.5-10.el5_4.1
Oracle Linux i386
neon
0.25.5-10.el5_4.1
neon-devel
0.25.5-10.el5_4.1
Связанные CVE
Связанные уязвимости
neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly ...
neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.