Plattformen: |
Turbolinux FUJI, Turbolinux 10 Server, Turbolinux 10 Server x64 Edition, Turbolinux Appliance Server 2.0, Turbolinux 11 Server x64 Edition, Turbolinux 11 Server, Turbolinux 8 Server, Turbolinux Multimedia, Turbolinux Personal, Turbolinux Appliance Server 1.0 Hosting Edition, Turbolinux Appliance Server 1.0 Workgroup Edition |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2007-56
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Original released date: 25 Dec 2007
Last revised: 25 Dec 2007
Package: httpd
Summary: Cross-site scripting (XSS) vulnerability
More information:
Apache is a powerful, full-featured, efficient, and freely-available
Web server. Apache is also the most popular Web server on the Internet.
The Cross-site scripting exists in mod_imagemap(mod_imap) of httpd.
Impact:
This vulnerability can be exploited to execute arbitrary HTML and script code
in a user's browser session in context of an affected site.
Affected Products:
- Turbolinux 11 Server x64 Edition
- Turbolinux 11 Server
- Turbolinux Appliance Server 2.0
- Turbolinux FUJI
- Turbolinux 10 Server x64 Edition
- Turbolinux Appliance Server 1.0 Hosting Edition
- Turbolinux Appliance Server 1.0 Workgroup Edition
- Turbolinux 10 Server
- Turbolinux Multimedia
- Turbolinux Personal
- Turbolinux 8 Server
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/11/updates/SRPMS/httpd-2.2.6-7.src.rpm
4768026 656be5c7c3ea462bb3ce1a2f7b0dbb7b
Binary Packages
Size: MD5
httpd-2.2.6-7.x86_64.rpm
1248818 f0033814e5f5ced30620ba851c623393
httpd-devel-2.2.6-7.x86_64.rpm
152878 ce090d88d58671f7f20dead0d77e2dc2
httpd-manual-2.2.6-7.x86_64.rpm
858560 57548aa697d2b476ba7b7b49553d0c7e
mod_ssl-2.2.6-7.x86_64.rpm
89528 bc97d8530b30f27793e64b2b39786427
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/11/updates/SRPMS/httpd-2.2.6-7.src.rpm
4768026 aa1928c5169955051d4518eb061df352
Binary Packages
Size: MD5
httpd-2.2.6-7.i686.rpm
1176265 fb4f0f23f4edbe58b7645185c86ac607
httpd-devel-2.2.6-7.i686.rpm
152971 a1dbe5735020e31e5484a317db2875fa
httpd-manual-2.2.6-7.i686.rpm
857634 71b1834710902e8dcdc010ee139f4d2a
mod_ssl-2.2.6-7.i686.rpm
85239 59839ce5436d7c23721a60403b348dc1
Source Packages
Size: MD5
httpd-2.0.51-34.src.rpm
6856770 5f6140a8d71ddfe1ed6c3ce77e6d63e2
Binary Packages
Size: MD5
httpd-2.0.51-34.i586.rpm
1033631 a24b2f4030e1b1fe24ac80e3f63f696e
httpd-devel-2.0.51-34.i586.rpm
225349 94fc2636c637aa761a59dff1da673db3
httpd-manual-2.0.51-34.i586.rpm
1133107 c5167124ee98eb643c53b014d72aa32b
mod_bwshare-2.0.51-34.i586.rpm
41541 20052bc35904a1f94beeb089e71ebcd6
mod_ssl-2.0.51-34.i586.rpm
89502 304f3e7cc65c3827a78ed11e1e41a990
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/11/updates/SRPMS/httpd-2.0.54-20.src.rpm
7622511 f8c29791207679914b539f606c7ca180
Binary Packages
Size: MD5
httpd-2.0.54-20.i686.rpm
1266041 10a5b0824b8440f10eb89faede1529e6
httpd-devel-2.0.54-20.i686.rpm
276954 3c8613c2d52cd3388ed5eb7b517ec156
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/httpd-2.0.51-34.src.rpm
6856770 cc92e836cd03e95354aa14b911720825
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/httpd-2.0.51-34.x86_64.rpm
1142725 610c87689f917404a5101437de64cd21
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/httpd-debug-2.0.51-34.x86_64.rpm
3534277 32d9852790edadbc136eced38cf7cba9
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/httpd-devel-2.0.51-34.x86_64.rpm
225364 2e509f767528a79d57fa41dbc4566c7b
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/httpd-manual-2.0.51-34.x86_64.rpm
1133043 d40faa2e10b587241ed4c346745c4f30
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/mod_bwshare-2.0.51-34.x86_64.rpm
42290 499fd23019174cd0e16ee6a268f6d283
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/mod_ssl-2.0.51-34.x86_64.rpm
97149 c6afb487a309d7fee75c1359c4f5a857
Source Packages
Size: MD5
apache-1.3.27-43.src.rpm
3116264 4528a2265449d98613689c072d36677b
Binary Packages
Size: MD5
apache-1.3.27-43.i586.rpm
538420 a5f9a7dcc6d3bbfb5c1607a4c8930d91
apache-devel-1.3.27-43.i586.rpm
95867 f83b73bdc73ee03d11e2bb0b6b916e3f
mod_ssl-2.8.14-43.i586.rpm
183419 041879877f7430482d768eed3d8ed024
Source Packages
Size: MD5
apache-1.3.27-43.src.rpm
3116264 5a27a6c1f4f463d9122f28ffa7f288ad
Binary Packages
Size: MD5
apache-1.3.27-43.i586.rpm
504423 c519db3ae7e6f8258b208e0e0b292bee
apache-devel-1.3.27-43.i586.rpm
96043 825bb5655ad66d3b09abd4400bab4769
mod_ssl-2.8.14-43.i586.rpm
183569 eacb744774f62f08f83181fb3706b0ac
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/httpd-2.0.51-34.src.rpm
6856770 5f6140a8d71ddfe1ed6c3ce77e6d63e2
Binary Packages
Size: MD5
httpd-2.0.51-34.i586.rpm
1033631 a24b2f4030e1b1fe24ac80e3f63f696e
httpd-debug-2.0.51-34.i586.rpm
3541682 0697d5377ebb06565b297ab63695fe61
httpd-devel-2.0.51-34.i586.rpm
225349 94fc2636c637aa761a59dff1da673db3
httpd-manual-2.0.51-34.i586.rpm
1133107 c5167124ee98eb643c53b014d72aa32b
mod_bwshare-2.0.51-34.i586.rpm
41541 20052bc35904a1f94beeb089e71ebcd6
mod_ssl-2.0.51-34.i586.rpm
89502 304f3e7cc65c3827a78ed11e1e41a990
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/httpd-2.0.48-22.src.rpm
6325021 195458fdb61043b1ea16fb4ddeaecf2e
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/httpd-2.0.48-22.i586.rpm
893150 60673f331c498beff6bb1e62bf768475
Source Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/apache-1.3.27-43.src.rpm
3116264 d1cfc40f44eb05aa00570e0f15adf402
Binary Packages
Size: MD5
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/apache-1.3.27-43.i586.rpm
504350 7175fbf7b0f22e14c6a4a4d4b7298de1
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/apache-devel-1.3.27-43.i586.rpm
96084 2cff7232945848d35030cd4b8e1ca78b
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/apache-manual-1.3.27-43.i586.rpm
852222 a1c4c9cba476704e0220487f88c5c47f
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/mod_ssl-2.8.14-43.i586.rpm
183501 0132270e19bcaa1cb5608b5688ce9b81
References:
CVE
[CVE-2007-5000]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000
--------------------------------------------------------------------------
Revision History
25 Dec 2007 Initial release
--------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFHcN4YK0LzjOqIJMwRAsxHAJ9n3UasZW5ukNeaCRR+A1HjWYFLwQCgqBDQ
KPXVvvq+/1FjX/7wZkss8o0=
=j6mt
-----END PGP SIGNATURE-----
|