
CVE-2009-2473

Common Vulnerabilities and Exposures


Upstream information

CVE-2009-2473 at MITRE

Description

neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

NVD CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Novell/SUSE information

Novell Bugzilla entry: 528370, 532345

SUSE Security Advisories:

List of released packages

Product(s): openSUSE 10.3
Fixed package version(s):
  • neon >= 0.26.4-17.2
  • neon-32bit >= 0.26.4-17.2
  • neon-64bit >= 0.26.4-17.2
  • neon-devel >= 0.26.4-17.2

Product(s): SUSE Linux Enterprise Desktop 10 SP3 for x86
Fixed package version(s):
  • neon >= 0.24.7-20.8.1
  • neon-devel >= 0.24.7-20.8.1
References:
  sles10-sp3.ppc, sle10-sp3-sdk.ppc, sles10-sp3.x86, sles10-sp3.s390x, sle10-sp3-sdk.x86-64, sle10-sp3-sdk.s390x, sles10-sp3.x86-64, sles10-sp3.ia64, sle10-sp3-sdk.x86, sle10-sp3-sdk.ia64
  ZYPP Patch Nr: 6549

Product(s): SUSE Linux Enterprise Desktop 10 SP3 for AMD64 and Intel EM64T
Fixed package version(s):
  • neon >= 0.24.7-20.8.1
  • neon-32bit >= 0.24.7-20.8.1
  • neon-devel >= 0.24.7-20.8.1
References:
  sles10-sp3.ppc, sle10-sp3-sdk.ppc, sles10-sp3.x86, sles10-sp3.s390x, sle10-sp3-sdk.x86-64, sle10-sp3-sdk.s390x, sles10-sp3.x86-64, sles10-sp3.ia64, sle10-sp3-sdk.x86, sle10-sp3-sdk.ia64
  ZYPP Patch Nr: 6549

Product(s):
  SLES SDK 9 for IBM S/390 and IBM zSeries
  SLES SDK 9 for IBM iSeries and IBM pSeries
  SLES SDK 9 for IBM zSeries
  SLES SDK 9 for IPF
  SLES SDK 9 for X86-64
  SLES SDK 9 for x86
Fixed package version(s):
  • neon >= 0.24.7-6.7
  • neon-devel >= 0.24.7-6.7
References:
  core9.s390, core9.x86-64, core9.x86, core9.ia64, core9.ppc, core9.s390x
  YOU Patch Nr: 12522

Product(s): SUSE Linux Enterprise Desktop 10 SP2 for x86
Fixed package version(s):
  • neon >= 0.24.7-20.8.1
  • neon-devel >= 0.24.7-20.8.1
References:
  sles10-sp2.x86, sle10-sp2-sdk.ppc, sles10-sp2.ppc, sle10-sp2-sdk.s390x, sles10-sp2.x86-64, sle10-sp2-sdk.x86-64, sled10-sp2.x86, sle10-sp2-sdk.x86, sled10-sp2.x86-64, sles10-sp2.ia64, sle10-sp2-sdk.ia64, sles10-sp2.s390x
  ZYPP Patch Nr: 6548

Product(s): SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T
Fixed package version(s):
  • neon >= 0.24.7-20.8.1
  • neon-32bit >= 0.24.7-20.8.1
  • neon-devel >= 0.24.7-20.8.1
References:
  sles10-sp2.x86, sle10-sp2-sdk.ppc, sles10-sp2.ppc, sle10-sp2-sdk.s390x, sles10-sp2.x86-64, sle10-sp2-sdk.x86-64, sled10-sp2.x86, sle10-sp2-sdk.x86, sled10-sp2.x86-64, sles10-sp2.ia64, sle10-sp2-sdk.ia64, sles10-sp2.s390x
  ZYPP Patch Nr: 6548

Product(s): SUSE Linux Enterprise Server 10 SP2 for x86
Fixed package version(s):
  • neon >= 0.24.7-20.8.1
References:
  sles10-sp2.x86, sle10-sp2-sdk.ppc, sles10-sp2.ppc, sle10-sp2-sdk.s390x, sles10-sp2.x86-64, sle10-sp2-sdk.x86-64, sled10-sp2.x86, sle10-sp2-sdk.x86, sled10-sp2.x86-64, sles10-sp2.ia64, sle10-sp2-sdk.ia64, sles10-sp2.s390x
  ZYPP Patch Nr: 6548

Product(s): SUSE Linux Enterprise Server 10 SP2 for IPF
Fixed package version(s):
  • neon >= 0.24.7-20.8.1
  • neon-x86 >= 0.24.7-20.8.1
References:
  sles10-sp2.x86, sle10-sp2-sdk.ppc, sles10-sp2.ppc, sle10-sp2-sdk.s390x, sles10-sp2.x86-64, sle10-sp2-sdk.x86-64, sled10-sp2.x86, sle10-sp2-sdk.x86, sled10-sp2.x86-64, sles10-sp2.ia64, sle10-sp2-sdk.ia64, sles10-sp2.s390x
  ZYPP Patch Nr: 6548

Product(s): SUSE Linux Enterprise Server 10 SP2 for IBM POWER
Fixed package version(s):
  • neon >= 0.24.7-20.8.1
  • neon-64bit >= 0.24.7-20.8.1
References:
  sles10-sp2.x86, sle10-sp2-sdk.ppc, sles10-sp2.ppc, sle10-sp2-sdk.s390x, sles10-sp2.x86-64, sle10-sp2-sdk.x86-64, sled10-sp2.x86, sle10-sp2-sdk.x86, sled10-sp2.x86-64, sles10-sp2.ia64, sle10-sp2-sdk.ia64, sles10-sp2.s390x
  ZYPP Patch Nr: 6548

Product(s):
  SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T
  SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit
Fixed package version(s):
  • neon >= 0.24.7-20.8.1
  • neon-32bit >= 0.24.7-20.8.1
References:
  sles10-sp2.x86, sle10-sp2-sdk.ppc, sles10-sp2.ppc, sle10-sp2-sdk.s390x, sles10-sp2.x86-64, sle10-sp2-sdk.x86-64, sled10-sp2.x86, sle10-sp2-sdk.x86, sled10-sp2.x86-64, sles10-sp2.ia64, sle10-sp2-sdk.ia64, sles10-sp2.s390x
  ZYPP Patch Nr: 6548

List of products where fixes are in QA

SUSE Linux Enterprise Desktop 10 SP3 for AMD64 and Intel EM64T
SUSE Linux Enterprise Desktop 10 SP3 for x86

© 2012 Novell