Fedora: neon Format string vulnerabilities
Summary
neon is an HTTP and WebDAV client library, with a C interface;
providing a high-level interface to HTTP and WebDAV methods along
with a low-level interface for HTTP request handling. neon
supports persistent connections, proxy servers, basic, digest and
Kerberos authentication, and has complete SSL support.
Update Information:
Multiple format string vulnerabilities in neon 0.24.4 and earlier
allow remote malicious WebDAV servers to execute arbitrary code.
Updated packages were made available in April 2004 however the original
update notification email did not make it to fedora-announce-list at
that time.
* Wed Apr 14 2004 Joe Orton <jorton@redhat.com> 0.24.5-1
- update to 0.24.5 for CAN 2004-0179 fix
* Thu Mar 25 2004 Joe Orton <jorton@redhat.com> 0.24.4-4
- implement the Negotate auth scheme, and only over SSL
* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Wed Feb 25 2004 Joe Orton <jorton@redhat.com> 0.24.4-3
- use BuildRequires not BuildPrereq, drop autoconf, libtool;
-devel requires {openssl,zlib}-devel (#116744)
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com> 0.24.4-2
- rebuilt
* Mon Feb 09 2004 Joe Orton <jorton@redhat.com> 0.24.4-1
- update to 0.24.4
This update can be downloaded from:
f34a346e0d945707e888874699ed958a SRPMS/neon-0.24.5-1.src.r...
Read the Full AdvisoryChange Log
References
Fedora Update Notification FEDORA-2004-103 2004-04-14 Name : neon Version : 0.24.5 Release : 1 Summary : An HTTP and WebDAV client library Description : neon is an HTTP and WebDAV client library, with a C interface; providing a high-level interface to HTTP and WebDAV methods along with a low-level interface for HTTP request handling. neon supports persistent connections, proxy servers, basic, digest and Kerberos authentication, and has complete SSL support.
Update Instructions
