Fedora Update Notification
FEDORA-2004-103
2004-04-14
---------------------------------------------------------------------

Name        : neon
Version     : 0.24.5                      
Release     : 1                  
Summary     : An HTTP and WebDAV client library
Description :
neon is an HTTP and WebDAV client library, with a C interface;
providing a high-level interface to HTTP and WebDAV methods along
with a low-level interface for HTTP request handling.  neon
supports persistent connections, proxy servers, basic, digest and
Kerberos authentication, and has complete SSL support.

---------------------------------------------------------------------
Update Information:

Multiple format string vulnerabilities in neon 0.24.4 and earlier
allow remote malicious WebDAV servers to execute arbitrary code.

Updated packages were made available in April 2004 however the original
update notification email did not make it to fedora-announce-list at
that time.

---------------------------------------------------------------------

* Wed Apr 14 2004 Joe Orton <jorton@redhat.com> 0.24.5-1

- update to 0.24.5 for CAN 2004-0179 fix

* Thu Mar 25 2004 Joe Orton <jorton@redhat.com> 0.24.4-4

- implement the Negotate auth scheme, and only over SSL

* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>

- rebuilt

* Wed Feb 25 2004 Joe Orton <jorton@redhat.com> 0.24.4-3

- use BuildRequires not BuildPrereq, drop autoconf, libtool;
  -devel requires {openssl,zlib}-devel (#116744)

* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com> 0.24.4-2

- rebuilt

* Mon Feb 09 2004 Joe Orton <jorton@redhat.com> 0.24.4-1

- update to 0.24.4


---------------------------------------------------------------------
This update can be downloaded from:
    

f34a346e0d945707e888874699ed958a  SRPMS/neon-0.24.5-1.src.rpm
4c3c9a53a1916566c3822e5ac9eed67d  i386/neon-0.24.5-1.i386.rpm
c00098bf0548dcf7e3f8ad1db90c78e8  i386/neon-devel-0.24.5-1.i386.rpm
c6faddb460bff55de5571630324f5381  i386/debug/neon-debuginfo-0.24.5-1.i386.rpm
e192a575ff1184e7ba35326a0ba84b5c  x86_64/neon-0.24.5-1.x86_64.rpm
50d3157693574508440893e5dcf48ac3  x86_64/neon-devel-0.24.5-1.x86_64.rpm
eb12e5f3ed12849c26b949ce7c3c5aa0  x86_64/debug/neon-debuginfo-0.24.5-1.x86_64.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.

Fedora: neon Format string vulnerabilities

May 18, 2004
Exploiting these bugs may allow remote malicious WebDAV servers to execute arbitrary code.

Summary

neon is an HTTP and WebDAV client library, with a C interface;

providing a high-level interface to HTTP and WebDAV methods along

with a low-level interface for HTTP request handling. neon

supports persistent connections, proxy servers, basic, digest and

Kerberos authentication, and has complete SSL support.

Update Information:

Multiple format string vulnerabilities in neon 0.24.4 and earlier allow remote malicious WebDAV servers to execute arbitrary code.

Updated packages were made available in April 2004 however the original update notification email did not make it to fedora-announce-list at that time.


* Wed Apr 14 2004 Joe Orton <jorton@redhat.com> 0.24.5-1

- update to 0.24.5 for CAN 2004-0179 fix

* Thu Mar 25 2004 Joe Orton <jorton@redhat.com> 0.24.4-4

- implement the Negotate auth scheme, and only over SSL

* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>

- rebuilt

* Wed Feb 25 2004 Joe Orton <jorton@redhat.com> 0.24.4-3

- use BuildRequires not BuildPrereq, drop autoconf, libtool; -devel requires {openssl,zlib}-devel (#116744)

* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com> 0.24.4-2

- rebuilt

* Mon Feb 09 2004 Joe Orton <jorton@redhat.com> 0.24.4-1

- update to 0.24.4


This update can be downloaded from:


f34a346e0d945707e888874699ed958a SRPMS/neon-0.24.5-1.src.rpm 4c3c9a53a1916566c3822e5ac9eed67d i386/neon-0.24.5-1.i386.rpm c00098bf0548dcf7e3f8ad1db90c78e8 i386/neon-devel-0.24.5-1.i386.rpm c6faddb460bff55de5571630324f5381 i386/debug/neon-debuginfo-0.24.5-1.i386.rpm e192a575ff1184e7ba35326a0ba84b5c x86_64/neon-0.24.5-1.x86_64.rpm 50d3157693574508440893e5dcf48ac3 x86_64/neon-devel-0.24.5-1.x86_64.rpm eb12e5f3ed12849c26b949ce7c3c5aa0 x86_64/debug/neon-debuginfo-0.24.5-1.x86_64.rpm

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.

Change Log

References

Fedora Update Notification FEDORA-2004-103 2004-04-14 Name : neon Version : 0.24.5 Release : 1 Summary : An HTTP and WebDAV client library Description : neon is an HTTP and WebDAV client library, with a C interface; providing a high-level interface to HTTP and WebDAV methods along with a low-level interface for HTTP request handling. neon supports persistent connections, proxy servers, basic, digest and Kerberos authentication, and has complete SSL support.

Update Instructions

Severity
Name : neon
Version : 0.24.5
Release : 1
Summary : An HTTP and WebDAV client library

Related News

28.Lock Globe Esm H320
1 - 2 min read
The intersection of Linux and quantum computing has become increasingly apparent, emphasizing the importance of Linux-based operating systems in
6.EmailConnection Touch Esm H320
2 - 3 min read
Recent security updates for Ubuntu and Debian have been released to address vulnerabilities in Thunderbird, the popular open-source mail and
30.Lock Globe Motherboard Esm H320
1 - 2 min read
As cybersecurity practitioners, we are no strangers to the constant threat of malicious actors and the importance of remaining vigilant to protect
22.Lock ScreenEffect Esm H320
1 - 2 min read
EndeavorOS Gemini is a captivating and charming desktop operating system based on Arch Linux. The new release includes a kernel upgrade, 3D graphics
25.@Sign Hook Keyboard Esm H320
1 min read
Cyber risk is increasing for individuals and organizations, making flexible and robust solutions for identifying spam and malware increasingly
19.Laptop Bed Esm H320
2 - 3 min read
The recently released Linux Kernel 6.9 brings forth a blend of crucial upgrades and enhancements, catering to the ever-evolving needs of the Linux
4.Lock AbstractDigital Esm H320
1 - 2 min read
Nmap 7.95 introduces myriad enhancements, primarily focusing on OS and service detection signatures. This reflects the dedication of the Nmap
5.ShakingHands Esm H320
3 - 5 min read
There has been a promising shift in the tech industry, with major companies pledging to release products with built-in security features. This

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved