openSUSE Security Update : libneon-devel (libneon-devel-1377)
Medium Nessus Plugin ID 42317
SynopsisThe remote openSUSE host is missing a security update.
Descriptionneon did not properly handle embedded NUL characters in X.509 certificates when comparing host names. Attackers could exploit that to spoof SSL servers (CVE-2009-2408).
Specially crafted XML documents that contain a large number of nested entity references could cause neon to consume large amounts of CPU and memory (CVE-2009-2473).
SolutionUpdate the affected libneon-devel packages.