Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Vista

Neon WebDAV Client Library Format String Vulnerabilities

Solution:
The vendor has released an upgrade that deals with this issue.

Gentoo has released an advisory (GLSA 200405-25:02). This advisory announces the release of a new tla eBuild to address the issues reported in this BID. Gentoo have recommended that tla users upgrade to tla current by issuing the following sequence of commands as a superuser:
emerge sync
emerge -pv ">=dev-util/tla-1.2-r2"
emerge ">=dev-util/tla-1.2-r2"

Gentoo have released an advisory (GLSA 200405-01). This advisory announces the release of a new neon eBuild to address the issues reported in this BID. Gentoo have recommended that Neon users upgrade to neon version 0.24.5 or later by issuing the following sequence of commands as a superuser:
emerge sync
emerge -pv ">=net-misc/neon-0.24.5"
emerge ">=net-misc/neon-0.24.5"

SGI has released an advisory 20040404-01-U and fixes to address this issue. Please see referenced advisory for further details regarding obtaining and applying appropriate fixes. Fixes are linked below.

Red Hat has released an advisory (RHSA-2004:157-06) and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.

Redhat advisory RHSA-2004:158-01 along with fixes has been released dealing with this issue.

SUSE has released an advisory SuSE-SA:2004:009 to address this and other issues. Please see the advisory for more information.

Redhat advisory RHSA-2004:159-01 along with fixes has been released dealing with this issue. This advisory contains updated subversion packages. Please see the referenced advisory for more information.

OpenPKG has released advisory OpenPKG-SA-2004.016 as well as a fix dealing with this issue. Please see the referenced advisory for more information, and below for the updated fix.

Debian has released advisory DSA 487-1 to address this issue. Please see the attached advisory for further details on obtaining and applying fixes.

Gentoo has released updates to address these issues, which may be applied with the following commands:
# emerge sync
# emerge -pv ">=net-misc/cadaver-0.22.1"
# emerge ">=net-misc/cadaver-0.22.1"

Netwosix has released an advisory LNSA-#2004-0012 with fix information to address these issues. Please see the referenced advisory for more information.

Mandrake has released advisory MDKSA-2004:032 to address this issue. Please see the attached advisory for details on obtaining and applying fixes.

Red Hat has released advisory RHSA-2004:163-01 and fixes dealing with this issue for their affected OpenOffice packages for Red Hat Linux 9.0. Please see the attached advisory for more information and details on obtaining fixes.

Gentoo has released an advisory (GLSA 200405-04) for OpenOffice, which uses the neon library. Please see the attached advisory for more information and details on obtaining fixes.

Gentoo openoffice users on the x86 architecture should:
# emerge sync
# emerge -pv ">=app-office/openoffice-1.1.1-r1"
# emerge ">=app-office/openoffice-1.1.1-r1"

Gentoo openoffice users on the sparc architecture should:
# emerge sync
# emerge -pv ">=app-office/openoffice-1.1.0-r3"
# emerge ">=app-office/openoffice-1.1.0-r3"

Gentoo openoffice users on the ppc architecture should:
# emerge sync
# emerge -pv ">=app-office/openoffice-1.0.3-r1"
# emerge ">=app-office/openoffice-1.0.3-r1"

Gentoo openoffice-ximian users should:
# emerge sync
# emerge -pv ">=app-office/openoffice-ximian-1.1.51-r1"
# emerge ">=app-office/openoffice-ximian-1.1.51-r1"

Red Hat Fedora has released advisory FEDORA-2004-103 dealing with these issues for their Fedora Linux project. Please see the referenced advisory for more information.

Gentoo has released an advisory (GLSA 200406-03) providing fixes for sitecopy, which includes the vulnerable neon library. Fixes may be applied by the superuser with the following commands:
emerge -pv unmerge net-misc/sitecopy
emerge unmerge net-misc/sitecopy

Mandrake Linux has released advisory MDKSA-2004:078 addressing this issue. Please see the referenced advisory for further information.

The Fedora Legacy project has released advisory FLSA:1552 along with fixes to address this issue for RedHat Linux 7.3 and 9.0. Please see the referenced advisory for further information.


RedHat Fedora Core1

Neon Client Library 0.19.3

Cadaver WebDAV Client 0.22

Cadaver WebDAV Client 0.22.1

Neon Client Library 0.24

Neon Client Library 0.24.1

Neon Client Library 0.24.2

Neon Client Library 0.24.3

Neon Client Library 0.24.4

ArX Distributed Revision Control System 1.0 pre16

ArX Distributed Revision Control System 1.0 pre11

ArX Distributed Revision Control System 1.0 pre10

ArX Distributed Revision Control System 1.0 pre13

ArX Distributed Revision Control System 1.0 pre15

ArX Distributed Revision Control System 1.0 pre12

ArX Distributed Revision Control System 1.0 pre14

ArX Distributed Revision Control System 1.0.17

ArX Distributed Revision Control System 1.0.18

OpenOffice OpenOffice 1.1.2

SGI ProPack 2.3

SGI ProPack 2.4







 

Privacy Statement
Copyright 2008, SecurityFocus