news 28 Posted March 11, 2009 This is a multi-part message in MIME format... ------------=_1236810807-6173-2566 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:074 http://www.mandriva.com/security/ _______________________________________________________________________ Package : libneon0.27 Date : March 10, 2009 Affected: 2008.1 _______________________________________________________________________ Problem Description: A security vulnerability has been identified and fixed in neon: neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication and Digest domain parameter support (CVE-2008-3746). The updated packages have been upgraded to version 0.28.3 to prevent this. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3746 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.1: beb5301d9902f1a4d6bb3cab6784b732 2008.1/i586/libneon0.27-0.28.3-0.1mdv2008.1.i586.rpm e998fa1ce0cce31253af85025823e7f9 2008.1/i586/libneon0.27-devel-0.28.3-0.1mdv2008.1.i586.rpm a76d49ba8ab6dd386c3dbc2ecac05ee1 2008.1/i586/libneon0.27-static-devel-0.28.3-0.1mdv2008.1.i586.rpm bbc96d8ecbab40b712555304c0d1d9b9 2008.1/SRPMS/libneon0.27-0.28.3-0.1mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: a7091162b22e4cc4867ff14c2e1e148b 2008.1/x86_64/lib64neon0.27-0.28.3-0.1mdv2008.1.x86_64.rpm 7d339c49a29e1f085b7891b00d9874bd 2008.1/x86_64/lib64neon0.27-devel-0.28.3-0.1mdv2008.1.x86_64.rpm aefc2f7ee536e7320acfdd5a372b27d7 2008.1/x86_64/lib64neon0.27-static-devel-0.28.3-0.1mdv2008.1.x86_64.rpm bbc96d8ecbab40b712555304c0d1d9b9 2008.1/SRPMS/libneon0.27-0.28.3-0.1mdv2008.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFJuBDPmqjQ0CJFipgRArVPAJ48DR/diXgTC415GqBPjUQbgtWRZACghuYd onFgaOhaKIai8Qn7/Yw1cE8= =tqDC -----END PGP SIGNATURE----- ------------=_1236810807-6173-2566 Content-Type: text/plain; name="message-footer.txt" Content-Disposition: inline; filename="message-footer.txt" Content-Transfer-Encoding: 8bit To unsubscribe, send a email to sympa ( -at -) mandrivalinux.org with this subject : unsubscribe security-announce _______________________________________________________ Want to buy your Pack or Services from Mandriva? Go to http://www.mandrivastore.com Join the Club : http://www.mandrivaclub.com _______________________________________________________ ------------=_1236810807-6173-2566-- Share this post Link to post