-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

************************************************************************************
Netwosix Linux Security Advisory #2004-0012 <http://www.netwosix.org>
-----------------------------------------------------------------------------------
Package name:       neon
Summary:            Multiple format string vulnerabilities
Date:               2004-04-18
Affected versions:  Netwosix 1.0
                    Netwosix 1.1
************************************************************************************

-> Package description:
------------------------
neon is an HTTP and WebDAV client library for Unix systems, with a C
language API. It provides high-level interfaces to HTTP/1.1 and WebDAV
methods, and a low-level interface to HTTP request/response handling,
allowing new methods to be easily implemented.

-> Problem description:
------------------------
Multiple format string vulnerabilities in neon 0.24.4 and earlier, and
the cadaver client which uses neon, as used in OpenOffice, allow remote
malicious WebDAV servers to execute arbitrary code.

-> Action:
------------------------
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.

-> Location:
---------------------
  You can download the latest version of this package in NEPOTE format from:
  <http://download.netwosix.org/0012/nepote>

-> Nepote Update:
---------------------
See these instructions to update the port of this package:

        # cd /usr/ports/net/neon
        # rm nepote
        # wget http://download.netwosix.org/0012/nepote
        # sh nepote      (to install the new and updated package)

-> References
---------------------
        Specific references for this advisory:
            http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0179

-> About Linux Netwosix:
---------------------------------
Linux Netwosix is a powerful and optimized Linux distribution for servers
and Network Security related jobs. It can also be used for special
operations such as penetration testing with its big collection of
security oriented software and sources.
It's a light distribution created for the requirements of every SysAdmin
and it's very portable and highly configurable. Our philosophy is to give
greater liberty for configuration to the SysAdmin. Only in this way can
he/she configure a powerful and stable server machine. Linux Netwosix also
has a powerful ports system (Nepote) similar to the xBSD systems but more
flexible and usable.

-> Questions?
---------------------
  Check out our mailing lists:
  <http://www.netwosix.org/mailing.html>

  The advisory itself is available at
  <http://www.netwosix.org/adv12.html>

--------------------------------------------------
MD5sums of the packages:
--------------------------------------------------------------------------
9df8e061588541fe4da49e105af163a7  0012/nepote
--------------------------------------------------------------------------

--
Vincenzo Ciaglia
Linux Netwosix Team - [ Keyid: 0x6BB3E24A]
Key fingerprint = 4B3E A25F 2A7A 0C19 1A97 616B EA3C FDA4 6BB3 E24A

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAgpqf6jz9pGuz4koRAtbnAJ4z4evd2n1ypyO7RYs1fPZbmvqZxgCfUL/b
DfktW6St1ZYNCfi+dObyOyc=
=EYrQ
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
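
The update steps in the advisory run a script fetched over plain HTTP, and the advisory publishes an MD5 sum for it. The following is an added example, not part of the Netwosix advisory, that checks the downloaded nepote file against that MD5 sum before it is executed. The helper name verify_nepote is hypothetical, and the script assumes md5sum from coreutils is installed.

```shell
#!/bin/sh
# Added example: verify the downloaded port script against the MD5 sum
# published in the advisory before running it.
# verify_nepote is a hypothetical helper name, not a Netwosix tool.

# MD5 sum listed in the advisory for 0012/nepote.
ADVISORY_MD5="9df8e061588541fe4da49e105af163a7"

# verify_nepote FILE [EXPECTED_MD5]
# Returns 0 on match, 1 on mismatch, 2 if the file cannot be read or the
# expected value is not a 32-digit hex string.
verify_nepote() {
    file=$1
    expected=${2:-$ADVISORY_MD5}

    [ -f "$file" ] && [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

    # Normalise case, then reject anything that is not exactly 32 hex digits.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    case $expected in
        *[!0-9a-f]*) echo "malformed expected MD5" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 32 ] || { echo "malformed expected MD5" >&2; return 2; }

    # Hash via stdin so the output carries no file name to parse around.
    actual=$(md5sum < "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "MD5 mismatch for $file: got $actual, expected $expected" >&2
    return 1
}

# Usage in place of the bare "sh nepote" step:
#   cd /usr/ports/net/neon && rm nepote
#   wget http://download.netwosix.org/0012/nepote
#   verify_nepote nepote && sh nepote
```

The MD5 value is only as trustworthy as the copy of the advisory it was read from, so check the advisory's PGP signature against key 0x6BB3E24A first.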
