[Fedora-directory-devel] SECURITY] Fedora Directory Server 1.0 Update: Admin Server

Richard Megginson rmeggins at redhat.com
Wed Dec 7 16:07:20 UTC 2005


---------------------------------------------------------------------
Fedora Directory Server Update Notification
2005-12-07
---------------------------------------------------------------------

Product     : Fedora Directory Server
Name        : Admin Server
Version     : 1.0
Release     : 1
Summary     : The Admin Server httpd administrative engine.
Description :
The Admin Server component of Fedora Directory Server is an httpd
server which uses Apache 2 to serve up web pages and execute
CGIs used to administer the Fedora Directory Server.  This package
is included with Fedora Directory Server.

---------------------------------------------------------------------
Update Information:

Fixed bug #174837 (CVE-2005-3630)
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174837


Frank Reppin discovered a flaw in the default Apache configuration for 
Fedora DS.  By default clients are allowed to read everything under the 
document root, which can reveal sensitive information to a remote user. 
This update modifies this behavior, only allowing read access to 
specific files and directories under the document root.

---------------------------------------------------------------------
This update is a patch file available for download from:
   http://directory.fedora.redhat.com/download/adminserver10to101.patch

2d7553a300551ef2a19b1b89a017e5ff  adminserver20051205.patch

To install the patch:
   cd /opt/fedora-ds
   patch -p0 < adminserver10to101.patch
   ./restart-admin


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-devel/attachments/20051207/c59a06b1/attachment.bin>


More information about the Fedora-directory-devel mailing list