Joined: 13 Jun 2003
Location: Barcelona, Spain
|Posted: Sun May 09, 2004 5:19 pm Post subject: [ GLSA 200405-01 ] Multiple format string vulnerabilities in
|Gentoo Linux Security Advisory
Title: Multiple format string vulnerabilities in neon 0.24.4 and earlier (GLSA 200405-01)
Date: May 09, 2004
There are multiple format string vulnerabilities in libneon which may allow a malicious WebDAV server to execute arbitrary code.
neon provides an HTTP and WebDAV client library.
Vulnerable: <= 0.24.4
Unaffected: >= 0.24.5
Architectures: All supported architectures
There are multiple format string vulnerabilities in libneon which may allow a malicious WebDAV server to execute arbitrary code under the context of the process using libneon.
An attacker may be able to execute arbitrary code under the context of the process using libneon.
A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.
Neon users should upgrade to version 0.24.5 or later:
|# emerge sync
# emerge -pv ">=net-misc/neon-0.24.5"
# emerge ">=net-misc/neon-0.24.5"
Last edited by GLSA on Sun May 07, 2006 4:50 pm; edited 1 time in total