Fedora 10 Security Update: neon-0.28.6-1.fc10

24
Article Source Fedora 10 Security Updates
August 20, 2009, 1:33 pm

Resolved Bugs
502451 – X509v1 CA certificate is not trusted

This update includes the latest release of neon, version 0.28.6. This fixes two security issues: * the “billion laughs” attack against expat could allow a Denial of Service attack by a malicious server. (CVE-2009-2473) * an embedded NUL byte in a certificate subject name could allow an undetected MITM attack against an SSL server if a trusted CA issues such a cert. Several bug fixes are also included, notably: * X.509v1 CA certificates are trusted by default * Fix handling of some PKCS#12 certificates…

Read More