SuSE 10 Security Update : neon (ZYPP Patch Number 6548)
Medium Nessus Plugin ID 42303
SynopsisThe remote SuSE 10 host is missing a security-related patch.
Descriptionneon did not properly handle embedded NUL characters in X.509 certificates when comparing host names. Attackers could exploit that to spoof SSL servers. (CVE-2009-2408)
Specially crafted XML documents that contain a large number of nested entity references could cause neon to consume large amounts of CPU and memory. (CVE-2009-2473)
SolutionApply ZYPP patch number 6548.