SynopsisThe remote openSUSE host is missing a security update.
Descriptionneon did not properly handle embedded NUL characters in X.509 certificates when comparing host names. Attackers could exploit that to spoof SSL servers (CVE-2009-2408).
Specially crafted XML documents that contain a large number of nested entity references could cause neon to consume large amounts of CPU and memory (CVE-2009-2473).
SolutionUpdate the affected libneon-devel packages.