[Fedora-directory-users] Security vulnerability in fedora-ds-admin (April 22, 2008)
Rich Megginson
rmeggins at redhat.com
Tue Apr 22 15:17:55 UTC 2008
The fedora-ds-admin-1.1.0 package has a couple of security vulnerabilities:
* CVE-2008-0892 Directory Server: shell command injection in CGI
replication monitor -
https://bugzilla.redhat.com/show_bug.cgi?id=437301
* CVE-2008-0893 Directory Server: unrestricted access to CGI scripts
- https://bugzilla.redhat.com/show_bug.cgi?id=437320
The new package is fedora-ds-admin-1.1.4-1 This package is available
from the Fedora yum repository for F-7 and later, or from the dirsrv yum
repo on Fedora 6 and EL5. See Install_Guide
<http://directory.fedoraproject.org/wiki/Install_Guide> for information
about how to use these yum repositories for your platform.
There are also updates to the adminutil (new version 1.1.6) and to some
of the other packages. These updates are recommended.
*NOTE for Fedora 8 and later users:* all of the packages are now in the
standard Fedora repos. Please remove your
/etc/yum.repos.d/idmcommon.repo and /etc/yum.repos.d/dirsrv.repo files
before you install or upgrade. See Install_Guide
<http://directory.fedoraproject.org/wiki/Install_Guide> for more
information.
*NOTE for Fedora 6, 7 and EL5 users:* You may get an error about a
missing dependency fedora-admin-console when upgrading. If you get this
error, remove the old fedora-ds package (yum erase fedora-ds) and
upgrade again.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20080422/3255a622/attachment.bin>
More information about the Fedora-directory-users
mailing list