[ MDVSA-2009:074 ] libneon0.27

[dude67]

_______________________________________________________________________

Package : libneon0.27
Date : March 10, 2009
Affected: 2008.1
_______________________________________________________________________

Problem Description:

A security vulnerability has been identified and fixed in neon:

neon 0.28.0 through 0.28.2 allows remote servers to cause a denial
of service (NULL pointer dereference and crash) via vectors related
to Digest authentication and Digest domain parameter support
(CVE-2008-3746).

The updated packages have been upgraded to version 0.28.3 to prevent
this.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cg ... -2008-3746
_______________________________________________________________________