Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Patches » SUSE-2009:6548

Overview

Id SUSE-2009:6548
Name Novell SUSE 2009:6548 neon security update for SLE 10 SP2 i586
Vendor Name novell
Product None
Content Type Critical - 01 Critical - 01
Language(s)
Operating System(s) Linux 
Released On 12 Oct 2009 12:00:00

SUSE-2009:6548

Novell SUSE 2009:6548 neon security update for SLE 10 SP2 i586

Vendor Name

novell

Product

None

Released On

12 Oct 2009 12:00:00

Url

http://www.novell.com/support/search.do?usemicrosite=true&searchString=eaa0144c38b621123ffe7841bfd08604

Description

LSAC(v2)
neon did not properly handle embedded NUL characters in X.509 certificates when comparing host names. Attackers could exploit that to spoof SSL servers (CVE-2009-2408). Specially crafted XML documents that contain a large number of nested entity references could cause neon to consume large amounts of CPU and memory (CVE-2009-2473).

Related Resources

Related Vulnerabilities

CVE-2009-2408   CVE-2009-2473  

Related Patches

None

Superseded Patches

None


Last Updated: 27 May 2016 11:23:10