Description: A NULL pointer deference in the Digest authentication support in neon versions 0.28.0 through 0.28.2 inclusive allows a malicious server to crash a client application, resulting in possible denial of service. References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476571 http://bugs.gentoo.org/show_bug.cgi?id=234826 Proposed patch: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=19;filename=0001-fix-segfault-if-base-path-is-NULL.patch;att=1;bug=476571 Affected versions: CVE-2008-3746: This issue does not affect the versions of the neon package, as shipped with Red Hat Enteprise Linux 4 and 5. CVE-2008-3746: This issue affects the versions of the neon package, as shipped with Fedora release 8 and 9.
According to Joe's mail, this issue should only affect 0.28.0 - 0.28.2, so Fedora 8 packages should be unaffected, as those are based on 0.27.x: http://www.openwall.com/lists/oss-security/2008/08/15/4 Patch applied in upstream version 0.28.3: http://www.openwall.com/lists/oss-security/2008/08/20/5 http://lists.manyfish.co.uk/pipermail/neon/2008-August/000038.html http://lists.manyfish.co.uk/pipermail/neon/2008-August/000040.html
neon-0.28.3-1.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/neon-0.28.3-1.fc9
neon-0.28.3-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in: Fedora: https://admin.fedoraproject.org/updates/F9/FEDORA-2008-7661