Fedora alert FEDORA-2008-7339 (adminutil)

From:  updates@fedoraproject.org
To:  fedora-package-announce@redhat.com
Subject:  [SECURITY] Fedora 9 Update: adminutil-1.1.7-1.fc9
Date:  Wed, 10 Sep 2008 07:18:20 +0000
Message-ID:  <20080910071820.E2BAE2E007F@bastion.fedora.phx.redhat.com>

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-7339
2008-09-05 10:34:23
--------------------------------------------------------------------------------

Name        : adminutil
Product     : Fedora 9
Version     : 1.1.7
Release     : 1.fc9
URL         : http://directory.fedoraproject.org/wiki/AdminUtil
Summary     : Utility library for directory server administration
Description :
adminutil is libraries of functions used to administer directory servers,
usually in conjunction with the admin server. adminutil is broken into two
libraries - libadminutil contains the basic functionality, and libadmsslutil
contains SSL versions and wrappers around the basic functions. The PSET
functions allow applications to store their preferences and configuration
parameters in LDAP, without having to know anything about LDAP. The
configuration is cached in a local file, allowing applications to function
even if the LDAP server is down. The other code is typically used by CGI
programs used for directory server management, containing GET/POST processing
code as well as resource handling (ICU ures API).

--------------------------------------------------------------------------------
Update Information:

Fixes these bugs:

- CVE-2008-2928 - buffer overflow in Accept-Language parsing
    413531 Web browser accepted languages configuration causes dsgw CGI
    binaries to segfault
- improved fix for CVE-2008-2929 XSS issues (originally addressed in 1.1.6),
  that does not introduce heap overflow in parsing %-encoded inputs
  (CVE-2008-2932)
    245248 dsgw doesn't escape filename in error message
    454060 ViewLog CGI crash with new adminutil 1.1.6

--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 27 2008 Rich Megginson <rmeggins@redhat.com> - 1.1.7-1
- Resolves bug 454060 - ViewLog CGI crash with new adminutil
- Resolves bug 413531 - Web browser accepted languages configuration causes
  dsgw CGI binaries to segfault

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #454662 - CVE-2008-2932 Directory Server: adminutil / CGI heap overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=454662
  [ 2 ] Bug #453916 - CVE-2008-2928 Directory Server: CGI accept language buffer overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=453916
  [ 3 ] Bug #454621 - CVE-2008-2929 Directory Server: multiple XSS issues
        https://bugzilla.redhat.com/show_bug.cgi?id=454621

--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update adminutil' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys

--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...

