Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in httpd
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in httpd
ID: TLSA-2008-5
Distribution: TurboLinux
Plattformen: Turbolinux FUJI, Turbolinux 10 Server, Turbolinux 10 Server x64 Edition, Turbolinux Appliance Server 2.0, Turbolinux 11 Server x64 Edition, Turbolinux 11 Server, Turbolinux Multimedia, Turbolinux Personal, Turbolinux Appliance Server 1.0 Hosting Edition, Turbolinux Appliance Server 1.0 Workgroup Edition
Datum: Di, 29. Januar 2008, 03:50
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005
Applikationen: Apache

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2008-5
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 28 Jan 2007
Last revised: 28 Jan 2007

Package: httpd

Summary: Cross-site scripting (XSS) vulnerabilities

More information:
Apache is a powerful, full-featured, efficient, and freely-available
Web server. Apache is also the most popular Web server on the Internet.

The Multiple cross-site scripting vulnerabilities exist in httpd.

Impact:
This vulnerabilities can be exploited to execute arbitrary HTML and script
code
in a user's browser session in context of an affected site.

Affected Products:
- Turbolinux 11 Server x64 Edition
- Turbolinux 11 Server
- Turbolinux Appliance Server 2.0
- Turbolinux FUJI
- Turbolinux 10 Server x64 Edition
- Turbolinux Appliance Server 1.0 Hosting Edition
- Turbolinux Appliance Server 1.0 Workgroup Edition
- Turbolinux 10 Server
- Turbolinux Multimedia
- Turbolinux Personal


<Turbolinux 11 Server x64 Edition>

httpd-2.2.6-8.src.rpm
4770478 43cc94884710f6713e4c8009bc13cc8e

Binary Packages
Size: MD5

httpd-2.2.6-8.x86_64.rpm
1248348 50da0d7e23917d0dbafd8d376e86d15f
httpd-devel-2.2.6-8.x86_64.rpm
153058 32e998bfa6bbbd0a3d0bd79b0f6fbc5e
httpd-manual-2.2.6-8.x86_64.rpm
859352 01361da97499c944836b16b936797806
mod_ssl-2.2.6-8.x86_64.rpm
89658 c72ddaea571070dc37cba8ba35830257

<Turbolinux 11 Server>

httpd-2.2.6-8.src.rpm
4770478 f3da0e7aa7062cba0e8cd6312a20695a

Binary Packages
Size: MD5

httpd-2.2.6-8.i686.rpm
1176880 9b523bcfbf9abef68277521bfec5ef9b
httpd-devel-2.2.6-8.i686.rpm
153408 45dac1d8384666820fc35d86277b7930
httpd-manual-2.2.6-8.i686.rpm
858588 cadde127cd3dd9a8e4769dc85c757ff2
mod_ssl-2.2.6-8.i686.rpm
85358 c7ec94c102fc44df38467818f050e5a4

<Turbolinux Appliance Server 2.0>

Source Packages
Size: MD5

httpd-2.0.51-35.src.rpm
6858623 47212add106398346b5d432b6922a4f1

Binary Packages
Size: MD5

httpd-2.0.51-35.i586.rpm
1033845 58883058ff379660fa269124a22811ba
httpd-devel-2.0.51-35.i586.rpm
225514 72b6507f46aa55c9614380e7e9efc79e
httpd-manual-2.0.51-35.i586.rpm
1132971 605d06f537f5dc44db1a8061a55eade5
mod_bwshare-2.0.51-35.i586.rpm
41674 27e675ac33117394ae5c0f6be0b65cad
mod_ssl-2.0.51-35.i586.rpm
89616 242ea7747de344647873a44ef0f40f53

<Turbolinux FUJI>

Source Packages
Size: MD5

httpd-2.0.54-21.src.rpm
7624643 a71265885b03c6d5bdef84a290fede4c

Binary Packages
Size: MD5

httpd-2.0.54-21.i686.rpm
1266572 bb94f6cba63f623f290a0c76d22c1e5f
httpd-devel-2.0.54-21.i686.rpm
277155 8c47f7a5cead63ce4518fa6e8afb99fd

<Turbolinux 10 Server x64 Edition>

Source Packages
Size: MD5

httpd-2.0.51-35.src.rpm
6858623 048b7bd476b2b449169cb6f628f17108

Binary Packages
Size: MD5

httpd-2.0.51-35.x86_64.rpm
1144086 ba937d6d1cf34ea0fabf8218ceef92a8
httpd-debug-2.0.51-35.x86_64.rpm
3534820 4281168ebc668c1f212443e3baba1d30
httpd-devel-2.0.51-35.x86_64.rpm
225526 f62d934a3a73fa8314b0f51d8d339612
httpd-manual-2.0.51-35.x86_64.rpm
1133963 083326e547eb92f412f61c1180c38b38
mod_bwshare-2.0.51-35.x86_64.rpm
42412 0e363f7fc1467d4ed4841e5490f5a015
mod_ssl-2.0.51-35.x86_64.rpm
97213 bf07993ade5ba631ca6088d15ddad66a

<Turbolinux Appliance Server 1.0 Hosting Edition>

Source Packages
Size: MD5

apache-1.3.27-44.src.rpm
3117812 b38442e3eaff5336d97ca43de1d4d388

Binary Packages
Size: MD5

apache-1.3.27-44.i586.rpm
538734 92c97be339f9ef172bd1c4d532f04be6
apache-devel-1.3.27-44.i586.rpm
95903 697807d64bfbfdbdcd5ea710010a91c7
mod_ssl-2.8.14-44.i586.rpm
183386 3f0c8eed6b0cc47842f88a28cd6f75b7

<Turbolinux Appliance Server 1.0 Workgroup Edition>

Source Packages
Size: MD5

apache-1.3.27-44.src.rpm
3117812 df39b77c25ce07194f61a2a012289a51

Binary Packages
Size: MD5

apache-1.3.27-44.i586.rpm
503956 29607656d80312befe94f6802887574a
apache-devel-1.3.27-44.i586.rpm
96220 1c48ea5f1212e3eb16d83f0ed0d12073
mod_ssl-2.8.14-44.i586.rpm
183517 1dfca53a5a7f13fb7612351882da29c0

<Turbolinux 10 Server>

Source Packages
Size: MD5

httpd-2.0.51-35.src.rpm
6858623 47212add106398346b5d432b6922a4f1

Binary Packages
Size: MD5

httpd-2.0.51-35.i586.rpm
1033845 58883058ff379660fa269124a22811ba
httpd-debug-2.0.51-35.i586.rpm
3540524 c13a1d148a64f95dcfa6f0f64f97ac31
httpd-devel-2.0.51-35.i586.rpm
225514 72b6507f46aa55c9614380e7e9efc79e
httpd-manual-2.0.51-35.i586.rpm
1132971 605d06f537f5dc44db1a8061a55eade5
mod_bwshare-2.0.51-35.i586.rpm
41674 27e675ac33117394ae5c0f6be0b65cad
mod_ssl-2.0.51-35.i586.rpm
89616 242ea7747de344647873a44ef0f40f53

<Turbolinux Multimedia, Turbolinux Personal>

Source Packages
Size: MD5

httpd-2.0.48-23.src.rpm
6326945 88b325ab81d50263c070783066d062f5

Binary Packages
Size: MD5

httpd-2.0.48-23.i586.rpm
893313 f2ea498155f16a57f9d29942e8d7c11b


References:

CVE
[CVE-2007-4465]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465
[CVE-2007-6388]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388
[CVE-2007-6421]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6421
[CVE-2007-6422]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6422
[CVE-2008-0005]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005

--------------------------------------------------------------------------
Revision History
28 Jan 2008 Initial release
--------------------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iEYEARECAAYFAkedbiEACgkQK0LzjOqIJMyH9wCfXU2fX+ifwiEcEDxmYmwmbotQ
FOQAn0UvOwfGCWVqa6Dekze2COtEKPyR
=NTHD
-----END PGP SIGNATURE-----
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung