Ubuntu Security Notice USN-835-1 - Joe Orton discovered that neon did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.
968ff370e3a79298a9b7124d53f5b9ece8d5f8e220c123a1a7ea5d7a39c1313cMandriva Linux Security Advisory 2009-074 - neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication and Digest domain parameter support. The updated packages have been upgraded to version 0.28.3 to prevent this.
7b06ee39c328279e9bacbbdce907799a1dadd04860603f6ae51c2a87c48bb224
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed