[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ MDVSA-2009:228 ] libneon
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: [ MDVSA-2009:228 ] libneon
- From: security@xxxxxxxxxxxx
- Date: Fri, 11 Sep 2009 20:27:00 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:228
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libneon
Date : September 10, 2009
Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
Enterprise Server 5.0, Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in neon:
neon before 0.28.6, when OpenSSL is used, does not properly handle
a '\0' character in a domain name in the subject's Common Name
(CN) field of an X.509 certificate, which allows man-in-the-middle
attackers to spoof arbitrary SSL servers via a crafted certificate
issued by a legitimate Certification Authority, a related issue to
CVE-2009-2408. (CVE-2009-2474)
This update provides a solution to this vulnerability.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2474
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.1:
1123e36a897efa834a3e0d36460dcc33
2008.1/i586/libneon0.24-0.24.7-21.2mdv2008.1.i586.rpm
3684425df6598f1a7c86aed6f286d2e7
2008.1/i586/libneon0.24-devel-0.24.7-21.2mdv2008.1.i586.rpm
ccea87a2cc2d93b87d914be1b4505a37
2008.1/i586/libneon0.24-static-devel-0.24.7-21.2mdv2008.1.i586.rpm
ca5680df443981778142576a68d9a8b1
2008.1/i586/libneon0.26-0.26.4-5.2mdv2008.1.i586.rpm
9b90410422324514c0b0645163118c9a
2008.1/i586/libneon0.26-devel-0.26.4-5.2mdv2008.1.i586.rpm
ae76995f7d095331ed5773a584b2a73c
2008.1/i586/libneon0.26-static-devel-0.26.4-5.2mdv2008.1.i586.rpm
dc1d23f9ec9b449893456baec8b6700b
2008.1/SRPMS/libneon0.24-0.24.7-21.2mdv2008.1.src.rpm
effe8d01bc8e9663dbe61a92849eb340
2008.1/SRPMS/libneon0.26-0.26.4-5.2mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
74220dd3794599f93a762ac96cdb4f2a
2008.1/x86_64/lib64neon0.24-0.24.7-21.2mdv2008.1.x86_64.rpm
e357492501ef388e756780aea057aa0e
2008.1/x86_64/lib64neon0.24-devel-0.24.7-21.2mdv2008.1.x86_64.rpm
099adbe063ff402b5f79b96aee7d28f4
2008.1/x86_64/lib64neon0.24-static-devel-0.24.7-21.2mdv2008.1.x86_64.rpm
491e88176c331b8b33850dc4ff4cf11b
2008.1/x86_64/lib64neon0.26-0.26.4-5.2mdv2008.1.x86_64.rpm
dd9b2e3e919f69cb10150ff0ce4c5559
2008.1/x86_64/lib64neon0.26-devel-0.26.4-5.2mdv2008.1.x86_64.rpm
426db2bebd6206115e358b779f62f117
2008.1/x86_64/lib64neon0.26-static-devel-0.26.4-5.2mdv2008.1.x86_64.rpm
dc1d23f9ec9b449893456baec8b6700b
2008.1/SRPMS/libneon0.24-0.24.7-21.2mdv2008.1.src.rpm
effe8d01bc8e9663dbe61a92849eb340
2008.1/SRPMS/libneon0.26-0.26.4-5.2mdv2008.1.src.rpm
Mandriva Linux 2009.0:
4f9454779e532e76d530121b2efed153
2009.0/i586/libneon0.26-0.26.4-6.2mdv2009.0.i586.rpm
a86b602efd802fe0a90756c54a4cfee6
2009.0/i586/libneon0.26-devel-0.26.4-6.2mdv2009.0.i586.rpm
2fbae1ec8948843b455b53463f5f216d
2009.0/i586/libneon0.26-static-devel-0.26.4-6.2mdv2009.0.i586.rpm
ecc22290b29644dd7459c2aefe5d5de4
2009.0/SRPMS/libneon0.26-0.26.4-6.2mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
077026afcdf0c1e1d09fe098c340a85c
2009.0/x86_64/lib64neon0.26-0.26.4-6.2mdv2009.0.x86_64.rpm
91127afa4a80debcfcd49f0a19a0e442
2009.0/x86_64/lib64neon0.26-devel-0.26.4-6.2mdv2009.0.x86_64.rpm
7caf316e8079d30ca90b96903ba1702a
2009.0/x86_64/lib64neon0.26-static-devel-0.26.4-6.2mdv2009.0.x86_64.rpm
ecc22290b29644dd7459c2aefe5d5de4
2009.0/SRPMS/libneon0.26-0.26.4-6.2mdv2009.0.src.rpm
Mandriva Linux 2009.1:
f94b7b03b28ebdc4ece54b601460bd4f
2009.1/i586/libneon0.26-0.26.4-6.2mdv2009.1.i586.rpm
0ab62c5b0622e2e3cd1f78347cc04e41
2009.1/i586/libneon0.26-devel-0.26.4-6.2mdv2009.1.i586.rpm
f340831b1373206f3f740e5d51f8c10a
2009.1/i586/libneon0.26-static-devel-0.26.4-6.2mdv2009.1.i586.rpm
746a811c1e5a3f119c57c2921fda7073
2009.1/SRPMS/libneon0.26-0.26.4-6.2mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
e8cc5d7d17190643ab468bd1624db6a8
2009.1/x86_64/lib64neon0.26-0.26.4-6.2mdv2009.1.x86_64.rpm
4d2649aa3c3db0e734267c5eba3eb248
2009.1/x86_64/lib64neon0.26-devel-0.26.4-6.2mdv2009.1.x86_64.rpm
19ca5a647425e4db9af287de0e21bb69
2009.1/x86_64/lib64neon0.26-static-devel-0.26.4-6.2mdv2009.1.x86_64.rpm
746a811c1e5a3f119c57c2921fda7073
2009.1/SRPMS/libneon0.26-0.26.4-6.2mdv2009.1.src.rpm
Corporate 3.0:
d27dbab058c8fa431ddb2d6dc0b9a274
corporate/3.0/i586/libneon0.24-0.24.7-1.1.101mdk.i586.rpm
fae249ec7fa3c2621b120e7cea01a211
corporate/3.0/i586/libneon0.24-devel-0.24.7-1.1.101mdk.i586.rpm
a51842a47dd9e123f9f51d2c4d82daaa
corporate/3.0/i586/libneon0.24-static-devel-0.24.7-1.1.101mdk.i586.rpm
6aac5b1670a6d20c6142b84ff9e96a51
corporate/3.0/SRPMS/libneon-0.24.7-1.1.101mdk.src.rpm
Corporate 3.0/X86_64:
9bcb2e9bbb1da24b19594fbd1738f1c2
corporate/3.0/x86_64/lib64neon0.24-0.24.7-1.1.101mdk.x86_64.rpm
6406230ecb959c719b6bdcde4004baee
corporate/3.0/x86_64/lib64neon0.24-devel-0.24.7-1.1.101mdk.x86_64.rpm
80330ad1bcd75f7052196cd48acb3d23
corporate/3.0/x86_64/lib64neon0.24-static-devel-0.24.7-1.1.101mdk.x86_64.rpm
6aac5b1670a6d20c6142b84ff9e96a51
corporate/3.0/SRPMS/libneon-0.24.7-1.1.101mdk.src.rpm
Corporate 4.0:
5dd641da6ce0f905dfa934eaf8a1e576
corporate/4.0/i586/libneon0.24-0.24.7-12.1mdk.i586.rpm
1ac9cad7a7e2849428e06404a7b5f539
corporate/4.0/i586/libneon0.24-devel-0.24.7-12.1mdk.i586.rpm
15cdf86dab35fde01dda647ae6d81246
corporate/4.0/i586/libneon0.24-static-devel-0.24.7-12.1mdk.i586.rpm
4c83315bb3f59dbd748131e339e0129f
corporate/4.0/i586/libneon0.25-0.25.1-3.1mdk.i586.rpm
4488e97e752f9dcfec360a5bd01be634
corporate/4.0/i586/libneon0.25-devel-0.25.1-3.1mdk.i586.rpm
894574f2e6fcc466ae5e093d202ea4a8
corporate/4.0/i586/libneon0.25-static-devel-0.25.1-3.1mdk.i586.rpm
9efb81497d770a4c54be687c15ab9786
corporate/4.0/SRPMS/libneon0.24-0.24.7-12.1mdk.src.rpm
23a233753b854143302a76f4982e42d7
corporate/4.0/SRPMS/libneon0.25-0.25.1-3.1mdk.src.rpm
Corporate 4.0/X86_64:
abbd0b575fab4521cf4c68258844e63f
corporate/4.0/x86_64/lib64neon0.24-0.24.7-12.1mdk.x86_64.rpm
6d9a76ead78b506c8c1ccccf82ff95ae
corporate/4.0/x86_64/lib64neon0.24-devel-0.24.7-12.1mdk.x86_64.rpm
e0d9b14e0794a3cd8c7f387f45252983
corporate/4.0/x86_64/lib64neon0.24-static-devel-0.24.7-12.1mdk.x86_64.rpm
9bf7d5343eefa15518a8d8347d7a7390
corporate/4.0/x86_64/lib64neon0.25-0.25.1-3.1mdk.x86_64.rpm
f874157bdb9dae35bbaf98cc6fdf64fc
corporate/4.0/x86_64/lib64neon0.25-devel-0.25.1-3.1mdk.x86_64.rpm
07e03b594e6cc03e6c97104beb6d8147
corporate/4.0/x86_64/lib64neon0.25-static-devel-0.25.1-3.1mdk.x86_64.rpm
9efb81497d770a4c54be687c15ab9786
corporate/4.0/SRPMS/libneon0.24-0.24.7-12.1mdk.src.rpm
23a233753b854143302a76f4982e42d7
corporate/4.0/SRPMS/libneon0.25-0.25.1-3.1mdk.src.rpm
Mandriva Enterprise Server 5:
f5a94acdb8dbd9131202074428dead73
mes5/i586/libneon0.26-0.26.4-6.2mdvmes5.i586.rpm
4de9f68238916c28847f4c74eac60b25
mes5/i586/libneon0.26-devel-0.26.4-6.2mdvmes5.i586.rpm
b1a8f226dce843b68be9970081984585
mes5/i586/libneon0.26-static-devel-0.26.4-6.2mdvmes5.i586.rpm
a3202bc64e0648ec9787f6e3ad82caaf
mes5/SRPMS/libneon0.26-0.26.4-6.2mdv2009.0.src.rpm
Mandriva Enterprise Server 5/X86_64:
2be4bf50ead3eb78490aa21386dbe2f2
mes5/x86_64/lib64neon0.26-0.26.4-6.2mdvmes5.x86_64.rpm
2705e63e4d191c667d788b4bb69eb01c
mes5/x86_64/lib64neon0.26-devel-0.26.4-6.2mdvmes5.x86_64.rpm
7419c8025a4ac445df90a73efd625f96
mes5/x86_64/lib64neon0.26-static-devel-0.26.4-6.2mdvmes5.x86_64.rpm
a3202bc64e0648ec9787f6e3ad82caaf
mes5/SRPMS/libneon0.26-0.26.4-6.2mdv2009.0.src.rpm
Multi Network Firewall 2.0:
b1614b9804645e49a3ab48e9eed87ead
mnf/2.0/i586/libneon0.24-0.24.7-1.1.101mdk.i586.rpm
6e244da945cc42ee5a030df1635df4f3
mnf/2.0/i586/libneon0.24-devel-0.24.7-1.1.101mdk.i586.rpm
257cabc3d460426a88cf290e5a6bee97
mnf/2.0/i586/libneon0.24-static-devel-0.24.7-1.1.101mdk.i586.rpm
5cb2af5b920ccfcdbe1050af2999d419
mnf/2.0/SRPMS/libneon-0.24.7-1.1.101mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKqmgLmqjQ0CJFipgRAvGHAJ45CNenXTIAT1JEfRHMYV8qf+R7YACglETn
xUeqM089Bi8iv7X2IMb1prs=
=5TgE
-----END PGP SIGNATURE-----