Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
news

[Security Announce] [ MDVSA-2009:228 ] libneon

By news, in Upcoming News

Recommended Posts

news    28

news
Posted

This is a multi-part message in MIME format...

 

------------=_1252693827-13155-1489

 

 

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

_______________________________________________________________________

 

Mandriva Linux Security Advisory MDVSA-2009:228

http://www.mandriva.com/security/

_______________________________________________________________________

 

Package : libneon

Date : September 10, 2009

Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,

Enterprise Server 5.0, Multi Network Firewall 2.0

_______________________________________________________________________

 

Problem Description:

 

A vulnerability has been found and corrected in neon:

 

neon before 0.28.6, when OpenSSL is used, does not properly handle

a '\0' character in a domain name in the subject's Common Name

(CN) field of an X.509 certificate, which allows man-in-the-middle

attackers to spoof arbitrary SSL servers via a crafted certificate

issued by a legitimate Certification Authority, a related issue to

CVE-2009-2408. (CVE-2009-2474)

 

This update provides a solution to this vulnerability.

_______________________________________________________________________

 

References:

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2474

_______________________________________________________________________

 

Updated Packages:

 

Mandriva Linux 2008.1:

1123e36a897efa834a3e0d36460dcc33 2008.1/i586/libneon0.24-0.24.7-21.2mdv2008.1.i586.rpm

3684425df6598f1a7c86aed6f286d2e7 2008.1/i586/libneon0.24-devel-0.24.7-21.2mdv2008.1.i586.rpm

ccea87a2cc2d93b87d914be1b4505a37 2008.1/i586/libneon0.24-static-devel-0.24.7-21.2mdv2008.1.i586.rpm

ca5680df443981778142576a68d9a8b1 2008.1/i586/libneon0.26-0.26.4-5.2mdv2008.1.i586.rpm

9b90410422324514c0b0645163118c9a 2008.1/i586/libneon0.26-devel-0.26.4-5.2mdv2008.1.i586.rpm

ae76995f7d095331ed5773a584b2a73c 2008.1/i586/libneon0.26-static-devel-0.26.4-5.2mdv2008.1.i586.rpm

dc1d23f9ec9b449893456baec8b6700b 2008.1/SRPMS/libneon0.24-0.24.7-21.2mdv2008.1.src.rpm

effe8d01bc8e9663dbe61a92849eb340 2008.1/SRPMS/libneon0.26-0.26.4-5.2mdv2008.1.src.rpm

 

Mandriva Linux 2008.1/X86_64:

74220dd3794599f93a762ac96cdb4f2a 2008.1/x86_64/lib64neon0.24-0.24.7-21.2mdv2008.1.x86_64.rpm

e357492501ef388e756780aea057aa0e 2008.1/x86_64/lib64neon0.24-devel-0.24.7-21.2mdv2008.1.x86_64.rpm

099adbe063ff402b5f79b96aee7d28f4 2008.1/x86_64/lib64neon0.24-static-devel-0.24.7-21.2mdv2008.1.x86_64.rpm

491e88176c331b8b33850dc4ff4cf11b 2008.1/x86_64/lib64neon0.26-0.26.4-5.2mdv2008.1.x86_64.rpm

dd9b2e3e919f69cb10150ff0ce4c5559 2008.1/x86_64/lib64neon0.26-devel-0.26.4-5.2mdv2008.1.x86_64.rpm

426db2bebd6206115e358b779f62f117 2008.1/x86_64/lib64neon0.26-static-devel-0.26.4-5.2mdv2008.1.x86_64.rpm

dc1d23f9ec9b449893456baec8b6700b 2008.1/SRPMS/libneon0.24-0.24.7-21.2mdv2008.1.src.rpm

effe8d01bc8e9663dbe61a92849eb340 2008.1/SRPMS/libneon0.26-0.26.4-5.2mdv2008.1.src.rpm

 

Mandriva Linux 2009.0:

4f9454779e532e76d530121b2efed153 2009.0/i586/libneon0.26-0.26.4-6.2mdv2009.0.i586.rpm

a86b602efd802fe0a90756c54a4cfee6 2009.0/i586/libneon0.26-devel-0.26.4-6.2mdv2009.0.i586.rpm

2fbae1ec8948843b455b53463f5f216d 2009.0/i586/libneon0.26-static-devel-0.26.4-6.2mdv2009.0.i586.rpm

ecc22290b29644dd7459c2aefe5d5de4 2009.0/SRPMS/libneon0.26-0.26.4-6.2mdv2009.0.src.rpm

 

Mandriva Linux 2009.0/X86_64:

077026afcdf0c1e1d09fe098c340a85c 2009.0/x86_64/lib64neon0.26-0.26.4-6.2mdv2009.0.x86_64.rpm

91127afa4a80debcfcd49f0a19a0e442 2009.0/x86_64/lib64neon0.26-devel-0.26.4-6.2mdv2009.0.x86_64.rpm

7caf316e8079d30ca90b96903ba1702a 2009.0/x86_64/lib64neon0.26-static-devel-0.26.4-6.2mdv2009.0.x86_64.rpm

ecc22290b29644dd7459c2aefe5d5de4 2009.0/SRPMS/libneon0.26-0.26.4-6.2mdv2009.0.src.rpm

 

Mandriva Linux 2009.1:

f94b7b03b28ebdc4ece54b601460bd4f 2009.1/i586/libneon0.26-0.26.4-6.2mdv2009.1.i586.rpm

0ab62c5b0622e2e3cd1f78347cc04e41 2009.1/i586/libneon0.26-devel-0.26.4-6.2mdv2009.1.i586.rpm

f340831b1373206f3f740e5d51f8c10a 2009.1/i586/libneon0.26-static-devel-0.26.4-6.2mdv2009.1.i586.rpm

746a811c1e5a3f119c57c2921fda7073 2009.1/SRPMS/libneon0.26-0.26.4-6.2mdv2009.1.src.rpm

 

Mandriva Linux 2009.1/X86_64:

e8cc5d7d17190643ab468bd1624db6a8 2009.1/x86_64/lib64neon0.26-0.26.4-6.2mdv2009.1.x86_64.rpm

4d2649aa3c3db0e734267c5eba3eb248 2009.1/x86_64/lib64neon0.26-devel-0.26.4-6.2mdv2009.1.x86_64.rpm

19ca5a647425e4db9af287de0e21bb69 2009.1/x86_64/lib64neon0.26-static-devel-0.26.4-6.2mdv2009.1.x86_64.rpm

746a811c1e5a3f119c57c2921fda7073 2009.1/SRPMS/libneon0.26-0.26.4-6.2mdv2009.1.src.rpm

 

Corporate 3.0:

d27dbab058c8fa431ddb2d6dc0b9a274 corporate/3.0/i586/libneon0.24-0.24.7-1.1.101mdk.i586.rpm

fae249ec7fa3c2621b120e7cea01a211 corporate/3.0/i586/libneon0.24-devel-0.24.7-1.1.101mdk.i586.rpm

a51842a47dd9e123f9f51d2c4d82daaa corporate/3.0/i586/libneon0.24-static-devel-0.24.7-1.1.101mdk.i586.rpm

6aac5b1670a6d20c6142b84ff9e96a51 corporate/3.0/SRPMS/libneon-0.24.7-1.1.101mdk.src.rpm

 

Corporate 3.0/X86_64:

9bcb2e9bbb1da24b19594fbd1738f1c2 corporate/3.0/x86_64/lib64neon0.24-0.24.7-1.1.101mdk.x86_64.rpm

6406230ecb959c719b6bdcde4004baee corporate/3.0/x86_64/lib64neon0.24-devel-0.24.7-1.1.101mdk.x86_64.rpm

80330ad1bcd75f7052196cd48acb3d23 corporate/3.0/x86_64/lib64neon0.24-static-devel-0.24.7-1.1.101mdk.x86_64.rpm

6aac5b1670a6d20c6142b84ff9e96a51 corporate/3.0/SRPMS/libneon-0.24.7-1.1.101mdk.src.rpm

 

Corporate 4.0:

5dd641da6ce0f905dfa934eaf8a1e576 corporate/4.0/i586/libneon0.24-0.24.7-12.1mdk.i586.rpm

1ac9cad7a7e2849428e06404a7b5f539 corporate/4.0/i586/libneon0.24-devel-0.24.7-12.1mdk.i586.rpm

15cdf86dab35fde01dda647ae6d81246 corporate/4.0/i586/libneon0.24-static-devel-0.24.7-12.1mdk.i586.rpm

4c83315bb3f59dbd748131e339e0129f corporate/4.0/i586/libneon0.25-0.25.1-3.1mdk.i586.rpm

4488e97e752f9dcfec360a5bd01be634 corporate/4.0/i586/libneon0.25-devel-0.25.1-3.1mdk.i586.rpm

894574f2e6fcc466ae5e093d202ea4a8 corporate/4.0/i586/libneon0.25-static-devel-0.25.1-3.1mdk.i586.rpm

9efb81497d770a4c54be687c15ab9786 corporate/4.0/SRPMS/libneon0.24-0.24.7-12.1mdk.src.rpm

23a233753b854143302a76f4982e42d7 corporate/4.0/SRPMS/libneon0.25-0.25.1-3.1mdk.src.rpm

 

Corporate 4.0/X86_64:

abbd0b575fab4521cf4c68258844e63f corporate/4.0/x86_64/lib64neon0.24-0.24.7-12.1mdk.x86_64.rpm

6d9a76ead78b506c8c1ccccf82ff95ae corporate/4.0/x86_64/lib64neon0.24-devel-0.24.7-12.1mdk.x86_64.rpm

e0d9b14e0794a3cd8c7f387f45252983 corporate/4.0/x86_64/lib64neon0.24-static-devel-0.24.7-12.1mdk.x86_64.rpm

9bf7d5343eefa15518a8d8347d7a7390 corporate/4.0/x86_64/lib64neon0.25-0.25.1-3.1mdk.x86_64.rpm

f874157bdb9dae35bbaf98cc6fdf64fc corporate/4.0/x86_64/lib64neon0.25-devel-0.25.1-3.1mdk.x86_64.rpm

07e03b594e6cc03e6c97104beb6d8147 corporate/4.0/x86_64/lib64neon0.25-static-devel-0.25.1-3.1mdk.x86_64.rpm

9efb81497d770a4c54be687c15ab9786 corporate/4.0/SRPMS/libneon0.24-0.24.7-12.1mdk.src.rpm

23a233753b854143302a76f4982e42d7 corporate/4.0/SRPMS/libneon0.25-0.25.1-3.1mdk.src.rpm

 

Mandriva Enterprise Server 5:

f5a94acdb8dbd9131202074428dead73 mes5/i586/libneon0.26-0.26.4-6.2mdvmes5.i586.rpm

4de9f68238916c28847f4c74eac60b25 mes5/i586/libneon0.26-devel-0.26.4-6.2mdvmes5.i586.rpm

b1a8f226dce843b68be9970081984585 mes5/i586/libneon0.26-static-devel-0.26.4-6.2mdvmes5.i586.rpm

a3202bc64e0648ec9787f6e3ad82caaf mes5/SRPMS/libneon0.26-0.26.4-6.2mdv2009.0.src.rpm

 

Mandriva Enterprise Server 5/X86_64:

2be4bf50ead3eb78490aa21386dbe2f2 mes5/x86_64/lib64neon0.26-0.26.4-6.2mdvmes5.x86_64.rpm

2705e63e4d191c667d788b4bb69eb01c mes5/x86_64/lib64neon0.26-devel-0.26.4-6.2mdvmes5.x86_64.rpm

7419c8025a4ac445df90a73efd625f96 mes5/x86_64/lib64neon0.26-static-devel-0.26.4-6.2mdvmes5.x86_64.rpm

a3202bc64e0648ec9787f6e3ad82caaf mes5/SRPMS/libneon0.26-0.26.4-6.2mdv2009.0.src.rpm

 

Multi Network Firewall 2.0:

b1614b9804645e49a3ab48e9eed87ead mnf/2.0/i586/libneon0.24-0.24.7-1.1.101mdk.i586.rpm

6e244da945cc42ee5a030df1635df4f3 mnf/2.0/i586/libneon0.24-devel-0.24.7-1.1.101mdk.i586.rpm

257cabc3d460426a88cf290e5a6bee97 mnf/2.0/i586/libneon0.24-static-devel-0.24.7-1.1.101mdk.i586.rpm

5cb2af5b920ccfcdbe1050af2999d419 mnf/2.0/SRPMS/libneon-0.24.7-1.1.101mdk.src.rpm

_______________________________________________________________________

 

To upgrade automatically use MandrivaUpdate or urpmi. The verification

of md5 checksums and GPG signatures is performed automatically for you.

 

All packages are signed by Mandriva for security. You can obtain the

GPG public key of the Mandriva Security Team by executing:

 

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 

You can view other update advisories for Mandriva Linux at:

 

http://www.mandriva.com/security/advisories

 

If you want to report vulnerabilities, please contact

 

security_(at)_mandriva.com

_______________________________________________________________________

 

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team

 

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.9 (GNU/Linux)

 

iD8DBQFKqmgLmqjQ0CJFipgRAvGHAJ45CNenXTIAT1JEfRHMYV8qf+R7YACglETn

xUeqM089Bi8iv7X2IMb1prs=

=5TgE

-----END PGP SIGNATURE-----

 

 

------------=_1252693827-13155-1489

Content-Type: text/plain; name="message-footer.txt"

Content-Disposition: inline; filename="message-footer.txt"

Content-Transfer-Encoding: 8bit

 

To unsubscribe, send a email to sympa ( -at -) mandrivalinux.org

with this subject : unsubscribe security-announce

_______________________________________________________

Want to buy your Pack or Services from Mandriva?

Go to http://www.mandrivastore.com

Join the Club : http://www.mandrivaclub.com

_______________________________________________________

 

------------=_1252693827-13155-1489--

 

 

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Upcoming News
×