openSUSE 10 Security Update : libneon-devel (libneon-devel-6550)
Medium Nessus Plugin ID 42324
SynopsisThe remote openSUSE host is missing a security update.
Descriptionneon did not properly handle embedded NUL characters in X.509 certificates when comparing host names. Attackers could exploit that to spoof SSL servers (CVE-2009-2408).
Specially crafted XML documents that contain a large number of nested entity references could cause neon to consume large amounts of CPU and memory (CVE-2009-2473).
SolutionUpdate the affected libneon-devel packages.