The remote host is missing an update to neon announced via advisory FEDORA-2009-8794.

Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update neon' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8794

Update Information: This update includes the latest release of neon, version 0.28.6. This fixes two security issues: * the billion laughs attack against expat could allow a Denial of Service attack by a malicious server. (CVE-2009-2473) * an embedded NUL byte in a certificate subject name could allow an undetected MITM attack against an SSL server if a trusted CA issues such a cert. Several bug fixes are also included, notably: * X.509v1 CA certificates are trusted by default * Fix handling of some PKCS#12 certificates ChangeLog: * Wed Aug 19 2009 Joe Orton 0.28.6-1 - update to 0.28.6 * Fri May 29 2009 Joe Orton 0.28.4-1.1 - trust V1 CA certs by default (#502451) * Fri Mar 6 2009 Joe Orton 0.28.4-1 - update to 0.28.4 * Mon Jan 19 2009 Joe Orton 0.28.3-3 - use install-p in make install (Robert Scheck, #226189)

• https://bugzilla.redhat.com/show_bug.cgi?id=502451

---

Updated on 2015-03-25