Mandriva Linux Security Advisory 2009-228 - neon before 0.28.6, when OpenSSL is used, does not properly handle a '\\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. This update provides a solution to this vulnerability.
18e9fa5f9f8141d73b14184dbaa578570f376ab2fbed07496797d27052465122
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:228
https://www.mandriva.com/security/
_______________________________________________________________________
Package : libneon
Date : September 10, 2009
Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
Enterprise Server 5.0, Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in neon:
neon before 0.28.6, when OpenSSL is used, does not properly handle
a '\0' character in a domain name in the subject's Common Name
(CN) field of an X.509 certificate, which allows man-in-the-middle
attackers to spoof arbitrary SSL servers via a crafted certificate
issued by a legitimate Certification Authority, a related issue to
CVE-2009-2408. (CVE-2009-2474)
This update provides a solution to this vulnerability.
_______________________________________________________________________
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2474
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.1:
1123e36a897efa834a3e0d36460dcc33 2008.1/i586/libneon0.24-0.24.7-21.2mdv2008.1.i586.rpm
3684425df6598f1a7c86aed6f286d2e7 2008.1/i586/libneon0.24-devel-0.24.7-21.2mdv2008.1.i586.rpm
ccea87a2cc2d93b87d914be1b4505a37 2008.1/i586/libneon0.24-static-devel-0.24.7-21.2mdv2008.1.i586.rpm
ca5680df443981778142576a68d9a8b1 2008.1/i586/libneon0.26-0.26.4-5.2mdv2008.1.i586.rpm
9b90410422324514c0b0645163118c9a 2008.1/i586/libneon0.26-devel-0.26.4-5.2mdv2008.1.i586.rpm
ae76995f7d095331ed5773a584b2a73c 2008.1/i586/libneon0.26-static-devel-0.26.4-5.2mdv2008.1.i586.rpm
dc1d23f9ec9b449893456baec8b6700b 2008.1/SRPMS/libneon0.24-0.24.7-21.2mdv2008.1.src.rpm
effe8d01bc8e9663dbe61a92849eb340 2008.1/SRPMS/libneon0.26-0.26.4-5.2mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
74220dd3794599f93a762ac96cdb4f2a 2008.1/x86_64/lib64neon0.24-0.24.7-21.2mdv2008.1.x86_64.rpm
e357492501ef388e756780aea057aa0e 2008.1/x86_64/lib64neon0.24-devel-0.24.7-21.2mdv2008.1.x86_64.rpm
099adbe063ff402b5f79b96aee7d28f4 2008.1/x86_64/lib64neon0.24-static-devel-0.24.7-21.2mdv2008.1.x86_64.rpm
491e88176c331b8b33850dc4ff4cf11b 2008.1/x86_64/lib64neon0.26-0.26.4-5.2mdv2008.1.x86_64.rpm
dd9b2e3e919f69cb10150ff0ce4c5559 2008.1/x86_64/lib64neon0.26-devel-0.26.4-5.2mdv2008.1.x86_64.rpm
426db2bebd6206115e358b779f62f117 2008.1/x86_64/lib64neon0.26-static-devel-0.26.4-5.2mdv2008.1.x86_64.rpm
dc1d23f9ec9b449893456baec8b6700b 2008.1/SRPMS/libneon0.24-0.24.7-21.2mdv2008.1.src.rpm
effe8d01bc8e9663dbe61a92849eb340 2008.1/SRPMS/libneon0.26-0.26.4-5.2mdv2008.1.src.rpm
Mandriva Linux 2009.0:
4f9454779e532e76d530121b2efed153 2009.0/i586/libneon0.26-0.26.4-6.2mdv2009.0.i586.rpm
a86b602efd802fe0a90756c54a4cfee6 2009.0/i586/libneon0.26-devel-0.26.4-6.2mdv2009.0.i586.rpm
2fbae1ec8948843b455b53463f5f216d 2009.0/i586/libneon0.26-static-devel-0.26.4-6.2mdv2009.0.i586.rpm
ecc22290b29644dd7459c2aefe5d5de4 2009.0/SRPMS/libneon0.26-0.26.4-6.2mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
077026afcdf0c1e1d09fe098c340a85c 2009.0/x86_64/lib64neon0.26-0.26.4-6.2mdv2009.0.x86_64.rpm
91127afa4a80debcfcd49f0a19a0e442 2009.0/x86_64/lib64neon0.26-devel-0.26.4-6.2mdv2009.0.x86_64.rpm
7caf316e8079d30ca90b96903ba1702a 2009.0/x86_64/lib64neon0.26-static-devel-0.26.4-6.2mdv2009.0.x86_64.rpm
ecc22290b29644dd7459c2aefe5d5de4 2009.0/SRPMS/libneon0.26-0.26.4-6.2mdv2009.0.src.rpm
Mandriva Linux 2009.1:
f94b7b03b28ebdc4ece54b601460bd4f 2009.1/i586/libneon0.26-0.26.4-6.2mdv2009.1.i586.rpm
0ab62c5b0622e2e3cd1f78347cc04e41 2009.1/i586/libneon0.26-devel-0.26.4-6.2mdv2009.1.i586.rpm
f340831b1373206f3f740e5d51f8c10a 2009.1/i586/libneon0.26-static-devel-0.26.4-6.2mdv2009.1.i586.rpm
746a811c1e5a3f119c57c2921fda7073 2009.1/SRPMS/libneon0.26-0.26.4-6.2mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
e8cc5d7d17190643ab468bd1624db6a8 2009.1/x86_64/lib64neon0.26-0.26.4-6.2mdv2009.1.x86_64.rpm
4d2649aa3c3db0e734267c5eba3eb248 2009.1/x86_64/lib64neon0.26-devel-0.26.4-6.2mdv2009.1.x86_64.rpm
19ca5a647425e4db9af287de0e21bb69 2009.1/x86_64/lib64neon0.26-static-devel-0.26.4-6.2mdv2009.1.x86_64.rpm
746a811c1e5a3f119c57c2921fda7073 2009.1/SRPMS/libneon0.26-0.26.4-6.2mdv2009.1.src.rpm
Corporate 3.0:
d27dbab058c8fa431ddb2d6dc0b9a274 corporate/3.0/i586/libneon0.24-0.24.7-1.1.101mdk.i586.rpm
fae249ec7fa3c2621b120e7cea01a211 corporate/3.0/i586/libneon0.24-devel-0.24.7-1.1.101mdk.i586.rpm
a51842a47dd9e123f9f51d2c4d82daaa corporate/3.0/i586/libneon0.24-static-devel-0.24.7-1.1.101mdk.i586.rpm
6aac5b1670a6d20c6142b84ff9e96a51 corporate/3.0/SRPMS/libneon-0.24.7-1.1.101mdk.src.rpm
Corporate 3.0/X86_64:
9bcb2e9bbb1da24b19594fbd1738f1c2 corporate/3.0/x86_64/lib64neon0.24-0.24.7-1.1.101mdk.x86_64.rpm
6406230ecb959c719b6bdcde4004baee corporate/3.0/x86_64/lib64neon0.24-devel-0.24.7-1.1.101mdk.x86_64.rpm
80330ad1bcd75f7052196cd48acb3d23 corporate/3.0/x86_64/lib64neon0.24-static-devel-0.24.7-1.1.101mdk.x86_64.rpm
6aac5b1670a6d20c6142b84ff9e96a51 corporate/3.0/SRPMS/libneon-0.24.7-1.1.101mdk.src.rpm
Corporate 4.0:
5dd641da6ce0f905dfa934eaf8a1e576 corporate/4.0/i586/libneon0.24-0.24.7-12.1mdk.i586.rpm
1ac9cad7a7e2849428e06404a7b5f539 corporate/4.0/i586/libneon0.24-devel-0.24.7-12.1mdk.i586.rpm
15cdf86dab35fde01dda647ae6d81246 corporate/4.0/i586/libneon0.24-static-devel-0.24.7-12.1mdk.i586.rpm
4c83315bb3f59dbd748131e339e0129f corporate/4.0/i586/libneon0.25-0.25.1-3.1mdk.i586.rpm
4488e97e752f9dcfec360a5bd01be634 corporate/4.0/i586/libneon0.25-devel-0.25.1-3.1mdk.i586.rpm
894574f2e6fcc466ae5e093d202ea4a8 corporate/4.0/i586/libneon0.25-static-devel-0.25.1-3.1mdk.i586.rpm
9efb81497d770a4c54be687c15ab9786 corporate/4.0/SRPMS/libneon0.24-0.24.7-12.1mdk.src.rpm
23a233753b854143302a76f4982e42d7 corporate/4.0/SRPMS/libneon0.25-0.25.1-3.1mdk.src.rpm
Corporate 4.0/X86_64:
abbd0b575fab4521cf4c68258844e63f corporate/4.0/x86_64/lib64neon0.24-0.24.7-12.1mdk.x86_64.rpm
6d9a76ead78b506c8c1ccccf82ff95ae corporate/4.0/x86_64/lib64neon0.24-devel-0.24.7-12.1mdk.x86_64.rpm
e0d9b14e0794a3cd8c7f387f45252983 corporate/4.0/x86_64/lib64neon0.24-static-devel-0.24.7-12.1mdk.x86_64.rpm
9bf7d5343eefa15518a8d8347d7a7390 corporate/4.0/x86_64/lib64neon0.25-0.25.1-3.1mdk.x86_64.rpm
f874157bdb9dae35bbaf98cc6fdf64fc corporate/4.0/x86_64/lib64neon0.25-devel-0.25.1-3.1mdk.x86_64.rpm
07e03b594e6cc03e6c97104beb6d8147 corporate/4.0/x86_64/lib64neon0.25-static-devel-0.25.1-3.1mdk.x86_64.rpm
9efb81497d770a4c54be687c15ab9786 corporate/4.0/SRPMS/libneon0.24-0.24.7-12.1mdk.src.rpm
23a233753b854143302a76f4982e42d7 corporate/4.0/SRPMS/libneon0.25-0.25.1-3.1mdk.src.rpm
Mandriva Enterprise Server 5:
f5a94acdb8dbd9131202074428dead73 mes5/i586/libneon0.26-0.26.4-6.2mdvmes5.i586.rpm
4de9f68238916c28847f4c74eac60b25 mes5/i586/libneon0.26-devel-0.26.4-6.2mdvmes5.i586.rpm
b1a8f226dce843b68be9970081984585 mes5/i586/libneon0.26-static-devel-0.26.4-6.2mdvmes5.i586.rpm
a3202bc64e0648ec9787f6e3ad82caaf mes5/SRPMS/libneon0.26-0.26.4-6.2mdv2009.0.src.rpm
Mandriva Enterprise Server 5/X86_64:
2be4bf50ead3eb78490aa21386dbe2f2 mes5/x86_64/lib64neon0.26-0.26.4-6.2mdvmes5.x86_64.rpm
2705e63e4d191c667d788b4bb69eb01c mes5/x86_64/lib64neon0.26-devel-0.26.4-6.2mdvmes5.x86_64.rpm
7419c8025a4ac445df90a73efd625f96 mes5/x86_64/lib64neon0.26-static-devel-0.26.4-6.2mdvmes5.x86_64.rpm
a3202bc64e0648ec9787f6e3ad82caaf mes5/SRPMS/libneon0.26-0.26.4-6.2mdv2009.0.src.rpm
Multi Network Firewall 2.0:
b1614b9804645e49a3ab48e9eed87ead mnf/2.0/i586/libneon0.24-0.24.7-1.1.101mdk.i586.rpm
6e244da945cc42ee5a030df1635df4f3 mnf/2.0/i586/libneon0.24-devel-0.24.7-1.1.101mdk.i586.rpm
257cabc3d460426a88cf290e5a6bee97 mnf/2.0/i586/libneon0.24-static-devel-0.24.7-1.1.101mdk.i586.rpm
5cb2af5b920ccfcdbe1050af2999d419 mnf/2.0/SRPMS/libneon-0.24.7-1.1.101mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
https://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKqmgLmqjQ0CJFipgRAvGHAJ45CNenXTIAT1JEfRHMYV8qf+R7YACglETn
xUeqM089Bi8iv7X2IMb1prs=
=5TgE
-----END PGP SIGNATURE-----
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed