
Security: Cross-Site Scripting in httpd
Name: Cross-Site Scripting in httpd
ID: TLSA-2008-34
Distribution: TurboLinux
Platforms: Turbolinux Client 2008, Turbolinux FUJI, Turbolinux 10 Server, Turbolinux 10 Server x64 Edition, Turbolinux Appliance Server 2.0, Turbolinux 11 Server x64 Edition, Turbolinux 11 Server, Turbolinux Multimedia, Turbolinux Personal
Date: Fri, 19 September 2008, 03:50
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939
Applications: Apache

Original message

--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2008-34
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 18 Sep 2008
Last revised: 18 Sep 2008

Package: httpd

Summary: Cross-site scripting (XSS) vulnerability

More information:
Apache is a powerful, full-featured, efficient, and freely-available
Web server. Apache is also the most popular Web server on the Internet.

Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp
module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp
module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to
inject arbitrary web script or HTML via a wildcard in the last directory
component in the pathname in an FTP URI. (CVE-2008-2939)
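
A log check for the request shape described above, added here as an example (it is not part of the Turbolinux advisory or of Apache's code). It assumes a forward proxy whose access log uses the Apache common log format and that `*`, `?` and `[` are the wildcard characters of interest; the sample log lines are constructed.

```python
import re
from urllib.parse import unquote

WILDCARDS = set("*?[")   # assumption: wildcard characters worth flagging
MARKUP = set("<>\"'")    # characters that can start or break out of HTML

# Request line of an Apache common/combined log entry; group 1 is the target.
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# Absolute ftp:// target as a forward proxy logs it; group 1 is the path.
FTP_RE = re.compile(r"ftp://[^/]*(/.*)?$", re.IGNORECASE)


def suspicious_ftp_target(target):
    """True if the last path component of an ftp:// target holds both a
    wildcard and an HTML metacharacter after percent-decoding."""
    m = FTP_RE.match(target)
    if not m or not m.group(1):
        return False  # not an FTP proxy request, or no path at all
    last = unquote(m.group(1).rsplit("/", 1)[-1])
    return bool(WILDCARDS & set(last)) and bool(MARKUP & set(last))


def scan(lines):
    """Return (line number, target) for every flagged request line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        m = REQUEST_RE.search(line)
        if m and suspicious_ftp_target(m.group(1)):
            hits.append((number, m.group(1)))
    return hits


# Constructed sample entries (documentation addresses and host names).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Sep/2008:10:00:01 +0900] '
    '"GET ftp://ftp.example.org/pub/ HTTP/1.1" 200 1834',
    '192.0.2.10 - - [18/Sep/2008:10:00:05 +0900] '
    '"GET ftp://ftp.example.org/pub/*.tar.gz HTTP/1.1" 200 912',
    '192.0.2.44 - - [18/Sep/2008:10:02:17 +0900] '
    '"GET ftp://ftp.example.org/pub/*%3Cb%3E HTTP/1.1" 200 655',
    '192.0.2.44 - - [18/Sep/2008:10:02:30 +0900] '
    '"GET /index.html?q=%3Cb%3E* HTTP/1.1" 200 120',
]

if __name__ == "__main__":
    for number, target in scan(SAMPLE_LOG):
        print(f"line {number}: {target}")
```

A hit only marks a request for review; installing the updated httpd packages listed in this advisory is the fix.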

Affected Products:
- Turbolinux Client 2008
- Turbolinux 11 Server x64 Edition
- Turbolinux 11 Server
- Turbolinux Appliance Server 2.0
- Turbolinux FUJI
- Turbolinux 10 Server x64 Edition
- Turbolinux 10 Server
- Turbolinux Multimedia
- Turbolinux Personal


<Turbolinux Client 2008>

Source Packages
Size: MD5

httpd-2.2.6-10.src.rpm
4776718 5b5cdcd203ced7cc9e5bdd190c0aa41d

Binary Packages
Size: MD5

httpd-2.2.6-10.i586.rpm
1232148 3d67295de4fa3477b87755c905fce93f
httpd-devel-2.2.6-10.i586.rpm
148740 3c4e55459b21d274f0a29df736fae492

<Turbolinux Appliance Server 3.0 x64 Edition>

Source Packages
Size: MD5

httpd-2.2.6-10.src.rpm
4776445 6fe54e202d38be1172e7ead5b6866691

Binary Packages
Size: MD5

httpd-2.2.6-10.x86_64.rpm
1249458 86daa821650cdaf21479572c0dd74e4c
httpd-manual-2.2.6-10.x86_64.rpm
859031 8913f45ff4d9361b7cac18d268ccae24
httpd-rootsrv-2.2.6-10.x86_64.rpm
230037 faf1d57f2ef3672fe63dd9b15f0fc4c8
mod_ssl-2.2.6-10.x86_64.rpm
89708 5a5ebccfe29ed2076643de0ce71eb250

<Turbolinux Appliance Server 3.0>

Source Packages
Size: MD5

httpd-2.2.6-10.src.rpm
4776445 6fe54e202d38be1172e7ead5b6866691

Binary Packages
Size: MD5

httpd-2.2.6-10.i686.rpm
1177558 75f6c47cc25eccce3c87943d41746d53
httpd-manual-2.2.6-10.i686.rpm
858875 76d04221d155557759f5c8a208cc081b
httpd-rootsrv-2.2.6-10.i686.rpm
216647 7d7e002de353deb9947894e0317ed8e3
mod_ssl-2.2.6-10.i686.rpm
85565 3d9e5f9e8e7d64e469f00c8d219919f8

<Turbolinux 11 Server x64 Edition>

Source Packages
Size: MD5

httpd-2.2.6-10.src.rpm
4776445 6fe54e202d38be1172e7ead5b6866691

Binary Packages
Size: MD5

httpd-2.2.6-10.x86_64.rpm
1249458 86daa821650cdaf21479572c0dd74e4c
httpd-devel-2.2.6-10.x86_64.rpm
153169 f0cbf32797f2bff7194f51e9eae260c8
httpd-manual-2.2.6-10.x86_64.rpm
859031 8913f45ff4d9361b7cac18d268ccae24
mod_ssl-2.2.6-10.x86_64.rpm
89708 5a5ebccfe29ed2076643de0ce71eb250

<Turbolinux 11 Server>

Source Packages
Size: MD5

httpd-2.2.6-10.src.rpm
4776445 6fe54e202d38be1172e7ead5b6866691

Binary Packages
Size: MD5

httpd-2.2.6-10.i686.rpm
1177558 75f6c47cc25eccce3c87943d41746d53
httpd-devel-2.2.6-10.i686.rpm
153815 45b3045146fd0b71e32234fbf7234354
httpd-manual-2.2.6-10.i686.rpm
858875 76d04221d155557759f5c8a208cc081b
mod_ssl-2.2.6-10.i686.rpm
85565 3d9e5f9e8e7d64e469f00c8d219919f8

<Turbolinux Appliance Server 2.0>

Source Packages
Size: MD5

httpd-2.0.51-37.src.rpm
6859863 a5fc776ad33967968604c0c09697bd0b

Binary Packages
Size: MD5

httpd-2.0.51-37.i586.rpm
1033210 2df72789c4eeb281407b090908f308a8
httpd-devel-2.0.51-37.i586.rpm
225599 39642f98e411cdc570d1709b4e8ec3e5
httpd-manual-2.0.51-37.i586.rpm
1133919 331ba82dfde87bbcf260b4a4daa8165c
mod_bwshare-2.0.51-37.i586.rpm
41830 0e5dc163c80325308002cd39dac3ab56
mod_ssl-2.0.51-37.i586.rpm
89774 dd58a30d3c8f2704e06b4adb57084636

<Turbolinux FUJI>

Source Packages
Size: MD5

httpd-2.0.54-23.src.rpm
7625833 6da89085b3ef3767b60c55cf84305b29

Binary Packages
Size: MD5

httpd-2.0.54-23.i686.rpm
1266820 572764e31beac54e5f95603f9595251e
httpd-devel-2.0.54-23.i686.rpm
276783 536dce88edc52ccdf1076454b876987e

<Turbolinux 10 Server x64 Edition>

Source Packages
Size: MD5

httpd-2.0.51-37.src.rpm
6859863 86f2cb2c8069dc8f7e6a9013affa63de

Binary Packages
Size: MD5

httpd-2.0.51-37.x86_64.rpm
1144126 ee207355cba106c32b3911688a471bef
httpd-debug-2.0.51-37.x86_64.rpm
3534454 5fea25ab4f67909850b5f73b7c2d70a6
httpd-devel-2.0.51-37.x86_64.rpm
225621 6170d6d5d2035ac7a14f0ab1ce4eb804
httpd-manual-2.0.51-37.x86_64.rpm
1133835 4d207056a48e94fd3f92e9f59bfc8cec
mod_bwshare-2.0.51-37.x86_64.rpm
42563 c59c911bd4849689d67c5aaba1961a72
mod_ssl-2.0.51-37.x86_64.rpm
97411 1aad117df22a1c892474f5c776bc5630

<Turbolinux 10 Server>

Source Packages
Size: MD5

httpd-2.0.51-37.src.rpm
6859863 a5fc776ad33967968604c0c09697bd0b

Binary Packages
Size: MD5

httpd-2.0.51-37.i586.rpm
1033210 2df72789c4eeb281407b090908f308a8
httpd-debug-2.0.51-37.i586.rpm
3542082 fdbde072e9a85b2246167023f28bc694
httpd-devel-2.0.51-37.i586.rpm
225599 39642f98e411cdc570d1709b4e8ec3e5
httpd-manual-2.0.51-37.i586.rpm
1133919 331ba82dfde87bbcf260b4a4daa8165c
mod_bwshare-2.0.51-37.i586.rpm
41830 0e5dc163c80325308002cd39dac3ab56
mod_ssl-2.0.51-37.i586.rpm
89774 dd58a30d3c8f2704e06b4adb57084636

<Turbolinux Multimedia, Turbolinux Personal>

Source Packages
Size: MD5

httpd-2.0.48-25.src.rpm
6328038 f41706615f4c90774a269c472cebbe4f

Binary Packages
Size: MD5

httpd-2.0.48-25.i586.rpm
893308 aa1effc96d0cb0ae52a548d32b1cb63a


References:

CVE
[CVE-2008-2939]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939

--------------------------------------------------------------------------
Revision History
18 Sep 2008 Initial release
--------------------------------------------------------------------------

Copyright(C) 2008 Turbolinux, Inc. All rights reserved.
