[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ MDVSA-2009:228 ] libneon



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:228
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : libneon
 Date    : September 10, 2009
 Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
           Enterprise Server 5.0, Multi Network Firewall 2.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in neon:
 
 neon before 0.28.6, when OpenSSL is used, does not properly handle
 a '\0' character in a domain name in the subject's Common Name
 (CN) field of an X.509 certificate, which allows man-in-the-middle
 attackers to spoof arbitrary SSL servers via a crafted certificate
 issued by a legitimate Certification Authority, a related issue to
 CVE-2009-2408. (CVE-2009-2474)
 
 This update provides a solution to this vulnerability.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2474
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.1:
 1123e36a897efa834a3e0d36460dcc33  
2008.1/i586/libneon0.24-0.24.7-21.2mdv2008.1.i586.rpm
 3684425df6598f1a7c86aed6f286d2e7  
2008.1/i586/libneon0.24-devel-0.24.7-21.2mdv2008.1.i586.rpm
 ccea87a2cc2d93b87d914be1b4505a37  
2008.1/i586/libneon0.24-static-devel-0.24.7-21.2mdv2008.1.i586.rpm
 ca5680df443981778142576a68d9a8b1  
2008.1/i586/libneon0.26-0.26.4-5.2mdv2008.1.i586.rpm
 9b90410422324514c0b0645163118c9a  
2008.1/i586/libneon0.26-devel-0.26.4-5.2mdv2008.1.i586.rpm
 ae76995f7d095331ed5773a584b2a73c  
2008.1/i586/libneon0.26-static-devel-0.26.4-5.2mdv2008.1.i586.rpm 
 dc1d23f9ec9b449893456baec8b6700b  
2008.1/SRPMS/libneon0.24-0.24.7-21.2mdv2008.1.src.rpm
 effe8d01bc8e9663dbe61a92849eb340  
2008.1/SRPMS/libneon0.26-0.26.4-5.2mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 74220dd3794599f93a762ac96cdb4f2a  
2008.1/x86_64/lib64neon0.24-0.24.7-21.2mdv2008.1.x86_64.rpm
 e357492501ef388e756780aea057aa0e  
2008.1/x86_64/lib64neon0.24-devel-0.24.7-21.2mdv2008.1.x86_64.rpm
 099adbe063ff402b5f79b96aee7d28f4  
2008.1/x86_64/lib64neon0.24-static-devel-0.24.7-21.2mdv2008.1.x86_64.rpm
 491e88176c331b8b33850dc4ff4cf11b  
2008.1/x86_64/lib64neon0.26-0.26.4-5.2mdv2008.1.x86_64.rpm
 dd9b2e3e919f69cb10150ff0ce4c5559  
2008.1/x86_64/lib64neon0.26-devel-0.26.4-5.2mdv2008.1.x86_64.rpm
 426db2bebd6206115e358b779f62f117  
2008.1/x86_64/lib64neon0.26-static-devel-0.26.4-5.2mdv2008.1.x86_64.rpm 
 dc1d23f9ec9b449893456baec8b6700b  
2008.1/SRPMS/libneon0.24-0.24.7-21.2mdv2008.1.src.rpm
 effe8d01bc8e9663dbe61a92849eb340  
2008.1/SRPMS/libneon0.26-0.26.4-5.2mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 4f9454779e532e76d530121b2efed153  
2009.0/i586/libneon0.26-0.26.4-6.2mdv2009.0.i586.rpm
 a86b602efd802fe0a90756c54a4cfee6  
2009.0/i586/libneon0.26-devel-0.26.4-6.2mdv2009.0.i586.rpm
 2fbae1ec8948843b455b53463f5f216d  
2009.0/i586/libneon0.26-static-devel-0.26.4-6.2mdv2009.0.i586.rpm 
 ecc22290b29644dd7459c2aefe5d5de4  
2009.0/SRPMS/libneon0.26-0.26.4-6.2mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 077026afcdf0c1e1d09fe098c340a85c  
2009.0/x86_64/lib64neon0.26-0.26.4-6.2mdv2009.0.x86_64.rpm
 91127afa4a80debcfcd49f0a19a0e442  
2009.0/x86_64/lib64neon0.26-devel-0.26.4-6.2mdv2009.0.x86_64.rpm
 7caf316e8079d30ca90b96903ba1702a  
2009.0/x86_64/lib64neon0.26-static-devel-0.26.4-6.2mdv2009.0.x86_64.rpm 
 ecc22290b29644dd7459c2aefe5d5de4  
2009.0/SRPMS/libneon0.26-0.26.4-6.2mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 f94b7b03b28ebdc4ece54b601460bd4f  
2009.1/i586/libneon0.26-0.26.4-6.2mdv2009.1.i586.rpm
 0ab62c5b0622e2e3cd1f78347cc04e41  
2009.1/i586/libneon0.26-devel-0.26.4-6.2mdv2009.1.i586.rpm
 f340831b1373206f3f740e5d51f8c10a  
2009.1/i586/libneon0.26-static-devel-0.26.4-6.2mdv2009.1.i586.rpm 
 746a811c1e5a3f119c57c2921fda7073  
2009.1/SRPMS/libneon0.26-0.26.4-6.2mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 e8cc5d7d17190643ab468bd1624db6a8  
2009.1/x86_64/lib64neon0.26-0.26.4-6.2mdv2009.1.x86_64.rpm
 4d2649aa3c3db0e734267c5eba3eb248  
2009.1/x86_64/lib64neon0.26-devel-0.26.4-6.2mdv2009.1.x86_64.rpm
 19ca5a647425e4db9af287de0e21bb69  
2009.1/x86_64/lib64neon0.26-static-devel-0.26.4-6.2mdv2009.1.x86_64.rpm 
 746a811c1e5a3f119c57c2921fda7073  
2009.1/SRPMS/libneon0.26-0.26.4-6.2mdv2009.1.src.rpm

 Corporate 3.0:
 d27dbab058c8fa431ddb2d6dc0b9a274  
corporate/3.0/i586/libneon0.24-0.24.7-1.1.101mdk.i586.rpm
 fae249ec7fa3c2621b120e7cea01a211  
corporate/3.0/i586/libneon0.24-devel-0.24.7-1.1.101mdk.i586.rpm
 a51842a47dd9e123f9f51d2c4d82daaa  
corporate/3.0/i586/libneon0.24-static-devel-0.24.7-1.1.101mdk.i586.rpm 
 6aac5b1670a6d20c6142b84ff9e96a51  
corporate/3.0/SRPMS/libneon-0.24.7-1.1.101mdk.src.rpm

 Corporate 3.0/X86_64:
 9bcb2e9bbb1da24b19594fbd1738f1c2  
corporate/3.0/x86_64/lib64neon0.24-0.24.7-1.1.101mdk.x86_64.rpm
 6406230ecb959c719b6bdcde4004baee  
corporate/3.0/x86_64/lib64neon0.24-devel-0.24.7-1.1.101mdk.x86_64.rpm
 80330ad1bcd75f7052196cd48acb3d23  
corporate/3.0/x86_64/lib64neon0.24-static-devel-0.24.7-1.1.101mdk.x86_64.rpm 
 6aac5b1670a6d20c6142b84ff9e96a51  
corporate/3.0/SRPMS/libneon-0.24.7-1.1.101mdk.src.rpm

 Corporate 4.0:
 5dd641da6ce0f905dfa934eaf8a1e576  
corporate/4.0/i586/libneon0.24-0.24.7-12.1mdk.i586.rpm
 1ac9cad7a7e2849428e06404a7b5f539  
corporate/4.0/i586/libneon0.24-devel-0.24.7-12.1mdk.i586.rpm
 15cdf86dab35fde01dda647ae6d81246  
corporate/4.0/i586/libneon0.24-static-devel-0.24.7-12.1mdk.i586.rpm
 4c83315bb3f59dbd748131e339e0129f  
corporate/4.0/i586/libneon0.25-0.25.1-3.1mdk.i586.rpm
 4488e97e752f9dcfec360a5bd01be634  
corporate/4.0/i586/libneon0.25-devel-0.25.1-3.1mdk.i586.rpm
 894574f2e6fcc466ae5e093d202ea4a8  
corporate/4.0/i586/libneon0.25-static-devel-0.25.1-3.1mdk.i586.rpm 
 9efb81497d770a4c54be687c15ab9786  
corporate/4.0/SRPMS/libneon0.24-0.24.7-12.1mdk.src.rpm
 23a233753b854143302a76f4982e42d7  
corporate/4.0/SRPMS/libneon0.25-0.25.1-3.1mdk.src.rpm

 Corporate 4.0/X86_64:
 abbd0b575fab4521cf4c68258844e63f  
corporate/4.0/x86_64/lib64neon0.24-0.24.7-12.1mdk.x86_64.rpm
 6d9a76ead78b506c8c1ccccf82ff95ae  
corporate/4.0/x86_64/lib64neon0.24-devel-0.24.7-12.1mdk.x86_64.rpm
 e0d9b14e0794a3cd8c7f387f45252983  
corporate/4.0/x86_64/lib64neon0.24-static-devel-0.24.7-12.1mdk.x86_64.rpm
 9bf7d5343eefa15518a8d8347d7a7390  
corporate/4.0/x86_64/lib64neon0.25-0.25.1-3.1mdk.x86_64.rpm
 f874157bdb9dae35bbaf98cc6fdf64fc  
corporate/4.0/x86_64/lib64neon0.25-devel-0.25.1-3.1mdk.x86_64.rpm
 07e03b594e6cc03e6c97104beb6d8147  
corporate/4.0/x86_64/lib64neon0.25-static-devel-0.25.1-3.1mdk.x86_64.rpm 
 9efb81497d770a4c54be687c15ab9786  
corporate/4.0/SRPMS/libneon0.24-0.24.7-12.1mdk.src.rpm
 23a233753b854143302a76f4982e42d7  
corporate/4.0/SRPMS/libneon0.25-0.25.1-3.1mdk.src.rpm

 Mandriva Enterprise Server 5:
 f5a94acdb8dbd9131202074428dead73  
mes5/i586/libneon0.26-0.26.4-6.2mdvmes5.i586.rpm
 4de9f68238916c28847f4c74eac60b25  
mes5/i586/libneon0.26-devel-0.26.4-6.2mdvmes5.i586.rpm
 b1a8f226dce843b68be9970081984585  
mes5/i586/libneon0.26-static-devel-0.26.4-6.2mdvmes5.i586.rpm 
 a3202bc64e0648ec9787f6e3ad82caaf  
mes5/SRPMS/libneon0.26-0.26.4-6.2mdv2009.0.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 2be4bf50ead3eb78490aa21386dbe2f2  
mes5/x86_64/lib64neon0.26-0.26.4-6.2mdvmes5.x86_64.rpm
 2705e63e4d191c667d788b4bb69eb01c  
mes5/x86_64/lib64neon0.26-devel-0.26.4-6.2mdvmes5.x86_64.rpm
 7419c8025a4ac445df90a73efd625f96  
mes5/x86_64/lib64neon0.26-static-devel-0.26.4-6.2mdvmes5.x86_64.rpm 
 a3202bc64e0648ec9787f6e3ad82caaf  
mes5/SRPMS/libneon0.26-0.26.4-6.2mdv2009.0.src.rpm

 Multi Network Firewall 2.0:
 b1614b9804645e49a3ab48e9eed87ead  
mnf/2.0/i586/libneon0.24-0.24.7-1.1.101mdk.i586.rpm
 6e244da945cc42ee5a030df1635df4f3  
mnf/2.0/i586/libneon0.24-devel-0.24.7-1.1.101mdk.i586.rpm
 257cabc3d460426a88cf290e5a6bee97  
mnf/2.0/i586/libneon0.24-static-devel-0.24.7-1.1.101mdk.i586.rpm 
 5cb2af5b920ccfcdbe1050af2999d419  
mnf/2.0/SRPMS/libneon-0.24.7-1.1.101mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKqmgLmqjQ0CJFipgRAvGHAJ45CNenXTIAT1JEfRHMYV8qf+R7YACglETn
xUeqM089Bi8iv7X2IMb1prs=
=5TgE
-----END PGP SIGNATURE-----