slesp3-neon

Security update for neon

Security update for neon

neon did not properly handle embedded NUL characters in X.509 certificates when comparing host names. Attackers could exploit that to spoof SSL servers (CVE-2009-2408). Specially crafted XML documents that contain a large number of nested entity references could cause neon to consume large amounts of CPU and memory (CVE-2009-2473). neon did not properly handle embedded NUL characters in X.509 certificates when comparing host names. Attackers could exploit that to spoof SSL servers (CVE-2009-2408). Specially crafted XML documents that contain a large number of nested entity references could cause neon to consume large amounts of CPU and memory (CVE-2009-2473). security neon x86_64 ead0e7d2ab9071c8616369a27578c760d8265c34 neon-32bit x86_64 77f16e3d9a2ffcdda0c71fbf2a7ae94d8f0f4711