oss-sec mailing list archives

neon 0.28.6 - CVE-2009-2473, CVE-2009-2474


From: Joe Orton <jorton () redhat com>
Date: Tue, 18 Aug 2009 16:57:01 +0100

neon 0.28.6 has been released today with two security fixes:

* SECURITY (CVE-2009-2473): Fix "billion laughs" attack against expat;
  could allow a Denial of Service attack by a malicious server.
* SECURITY (CVE-2009-2474): Fix handling of an embedded NUL byte in
  a certificate subject name with OpenSSL; could allow an undetected
  MITM attack against an SSL server if a trusted CA issues such a cert.

For more information: http://www.webdav.org/neon/ 
http://lists.manyfish.co.uk/pipermail/neon/2009-August/001044.html 
http://lists.manyfish.co.uk/pipermail/neon/2009-August/001045.html 
http://lists.manyfish.co.uk/pipermail/neon/2009-August/001046.html

Regards, Joe

